Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create an account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you have signed in.
Sign In Create Account

Browser Redirect - hijack [Solved]


  • This topic is locked This topic is locked

#1
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
Within the past few weeks I've somehow picked up the browser redirect malware/virus. When I do any searches in Google or Yahoo on IE or Firefox and click on a search result link I am redirected to different (random) pages. I've run my McAfee scanner to no avail. I've also run Malwarebytes, HijackThis and ComboFix and I am no longer redirected, but I am not certain if my system is completely clean. I have also tried running GMER but my system locks up every time (or gives me the blue screen of death and I end up rebooting). I am hoping someone can help me out. Below I have posted my Malwarebytes and HijackThis logs. Thanks in advance!

Malwarebytes log:

Malwarebytes' Anti-Malware 1.42
Database version: 3399
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/20/2009 7:43:07 PM
mbam-log-2009-12-20 (19-43-07).txt

Scan type: Quick Scan
Objects scanned: 136993
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:03 PM, on 12/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\SMCSTA.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webproxy.int.westgroup.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.thomson.com;*westgroup.com;*westlaw.com
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SMCSTA.EXE] SMCSTA.EXE START
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://samsclubus.pn...veX_Control.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11837 bytes
  • 0

Similar Topics: Browser Redirect - hijack [Solved]     x


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

  • 0

#3
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
Thanks for your help. Below are the contents of the two files.

OTL.txt

OTL logfile created on: 12/22/2009 11:46:37 AM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Our Downloads\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 25.56 Gb Free Space | 22.88% Space Free | Partition Type: NTFS
Drive D: | 27.95 Gb Total Space | 27.88 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEHLINGFABFIVE
Current User Name: Eve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/22 11:42:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Our Downloads\OTL\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:23:32 | 00,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/08 15:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mqtgsvc.exe
PRC - [2008/04/13 18:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mqsvc.exe
PRC - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 10:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 15:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/09/08 11:06:20 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/06/23 15:00:44 | 00,107,008 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
PRC - [2005/06/23 14:58:15 | 00,500,224 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.0\J2GTray.exe
PRC - [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/01/07 13:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/10/19 10:27:44 | 00,282,624 | ---- | M] (iPass Inc) -- C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
PRC - [2004/10/19 10:23:30 | 00,090,112 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe
PRC - [2004/07/16 05:37:50 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/07/14 07:02:58 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/04/20 12:24:50 | 00,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2004/04/20 12:24:50 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2004/03/04 10:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
PRC - [2003/11/03 12:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2003/09/03 19:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/13 09:27:40 | 00,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/08/06 00:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/05/31 17:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2003/02/20 08:21:16 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE
PRC - [2002/04/03 00:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
PRC - [2002/03/23 09:43:00 | 00,195,072 | ---- | M] (SMC Networks, Inc.) -- C:\WINDOWS\SYSTEM32\SMCSTA.exe
PRC - [2001/08/13 10:49:10 | 00,344,064 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\fpdisp4.exe
PRC - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/13 08:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/22 11:42:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Our Downloads\OTL\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/01/24 21:24:43 | 00,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 18:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/13 18:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\mqsvc.exe -- (MSMQ)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/01/07 13:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/10/22 09:05:14 | 01,028,096 | ---- | M] (iPass) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2004/10/19 10:23:30 | 00,090,112 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe -- (iPCAgent)
SRV - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/11/03 12:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/31 17:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2003/03/03 12:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/20 08:21:16 | 00,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv)
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
SRV - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 08:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/05/08 08:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 12:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 12:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 12:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mqac.sys -- (MQAC)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/08/01 21:42:02 | 00,015,793 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc80211.sys -- (MDC80211) iPass Protocol (IEEE 802.1x)
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/01/07 13:14:30 | 00,297,035 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/12/22 00:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/03 23:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 23:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 23:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/06 23:17:04 | 00,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k)
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:52 | 00,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/02 11:29:00 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2003/12/08 23:02:46 | 00,014,336 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2003/11/03 12:46:00 | 01,330,940 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/09/22 10:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/08/28 20:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/06 00:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 00:04:00 | 00,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 00:04:00 | 00,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 00:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 00:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 00:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 00:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 00:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 00:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 02:21:00 | 00,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/30 01:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2003/07/14 10:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/01 12:26:34 | 00,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2003/03/04 10:56:26 | 00,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/02/20 08:22:48 | 00,058,288 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANT.SYS -- (C-Dilla)
DRV - [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/03/23 09:33:00 | 00,051,712 | ---- | M] (SMC Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SMCNDS.sys -- (SMC)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/11/28 14:05:00 | 00,045,096 | ---- | M] (Intersil Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CW10.sys -- (CW10)
DRV - [2000/02/25 12:27:32 | 00,008,184 | ---- | M] (Neesus Datacom Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NDCPRTNS.sys -- (Ndcprtns)
DRV - [1999/12/17 00:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.thomson.com;*westgroup.com;*westlaw.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = webproxy.int.westgroup.com:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..network.proxy.ftp: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "*.thomson.com,*westgroup.com,*westlaw.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/19 23:22:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/19 22:35:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/19 22:29:19 | 00,000,000 | ---D | M]

[2009/07/19 22:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Mozilla\Extensions
[2009/07/19 22:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Mozilla\Firefox\Profiles\7jji0477.default\extensions
[2009/07/19 22:29:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/09/15 17:26:00 | 00,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\inspector.dll
[2003/12/07 21:54:56 | 00,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPJava11.dll
[2003/12/07 21:54:56 | 00,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPJava12.dll
[2003/12/07 21:54:56 | 00,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPJava13.dll
[2003/12/07 21:54:56 | 00,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPJava32.dll
[2003/12/07 21:54:56 | 00,061,553 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPJPI141_07.dll
[2003/12/07 21:54:56 | 00,061,557 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPOJI610.dll

O1 HOSTS File: (879 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 my.web2.westlaw
O1 - Hosts: 127.0.0.1 my.uk.westlaw
O1 - Hosts: 127.0.0.1 my.ecarswell.westlaw
O1 - Hosts: 127.0.0.1 my.au.westlaw
O1 - Hosts: 127.0.0.1 my.international.westlaw
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SMCSTA.EXE] C:\WINDOWS\System32\SMCSTA.exe (SMC Networks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll File not found
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...84/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2006/04/07 11:03:07 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6b0d63a7-bf2d-45df-877b-b22d4c0eddbd} - KB887797
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8ade8c02-8da6-4ec1-a9ee-ec00ff73ce98} - Internet Explorer Q903235
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/20 21:38:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/12/20 19:32:35 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/20 19:21:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/20 19:03:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/12/20 19:03:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/12/20 19:03:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/12/14 22:14:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eve\Application Data\HpUpdate
[2009/12/14 22:13:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/12/09 02:58:23 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/09 02:55:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/09 02:55:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/09 02:55:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/09 02:55:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/09 02:55:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/09 02:47:22 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/09 02:14:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/09 02:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/09 02:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/09 02:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/09 02:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2009/12/09 02:02:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eve\Local Settings\Application Data\Threat Expert
[2009/12/09 01:45:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/08 23:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eve\Application Data\Malwarebytes
[2009/12/08 23:30:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/08 23:30:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/08 23:30:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/08 23:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/08 22:57:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/08 22:31:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eve\Application Data\HP
[2009/09/15 19:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/08/15 16:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/18 21:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2008/04/30 18:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/03/04 17:19:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/01/18 23:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/01/18 23:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2004/09/29 14:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/06/06 22:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/05/20 10:07:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/10 23:41:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\Documents and Settings\Eve\My Documents\*.tmp files -> C:\Documents and Settings\Eve\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/22 11:38:32 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/12/22 11:38:09 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/22 11:15:29 | 00,590,136 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/22 11:15:29 | 00,486,806 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/22 11:15:29 | 00,091,922 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/22 11:11:45 | 00,047,657 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/22 11:11:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/22 11:11:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/22 11:10:59 | 32,202,46528 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/22 00:31:58 | 09,175,040 | ---- | M] () -- C:\Documents and Settings\Eve\ntuser.dat
[2009/12/22 00:31:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Eve\NTUSER.INI
[2009/12/20 19:32:36 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Eve\Desktop\NTREGOPT.lnk
[2009/12/20 19:32:36 | 00,000,596 | ---- | M] () -- C:\Documents and Settings\Eve\Desktop\ERUNT.lnk
[2009/12/15 01:04:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/15 00:33:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/10 21:42:51 | 00,288,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/09 03:57:47 | 00,000,731 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/09 02:58:38 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/12/09 02:14:22 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\Eve\Desktop\HijackThis.lnk
[2009/12/09 02:09:38 | 00,000,879 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/12/09 00:14:15 | 00,260,096 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/08 23:30:37 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/06 22:16:40 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Eve\My Documents\*.tmp files -> C:\Documents and Settings\Eve\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/20 19:32:36 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Eve\Desktop\NTREGOPT.lnk
[2009/12/20 19:32:36 | 00,000,596 | ---- | C] () -- C:\Documents and Settings\Eve\Desktop\ERUNT.lnk
[2009/12/09 02:58:37 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/09 02:58:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/09 02:55:30 | 00,260,096 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/09 02:55:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/09 02:55:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/09 02:55:30 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/09 02:55:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/09 02:14:22 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\Eve\Desktop\HijackThis.lnk
[2009/12/08 23:30:37 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/05 21:02:16 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\nett12.dll
[2006/12/15 11:26:27 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/14 14:57:25 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/12/14 14:44:43 | 00,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/14 14:44:26 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/01/20 15:59:07 | 00,000,193 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/01/20 13:12:25 | 00,000,365 | ---- | C] () -- C:\WINDOWS\PSADMIN.INI
[2006/01/07 00:26:21 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\nhciClassInstall.dll
[2006/01/07 00:07:50 | 00,001,081 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/11/28 09:29:01 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/08/29 22:29:58 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/07/08 17:16:23 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/06/03 15:44:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/05/23 21:43:52 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/21 22:16:49 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/01/07 13:15:56 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/07 13:10:26 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2004/09/07 09:38:26 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\fusioncache.dat
[2004/08/30 20:18:41 | 00,012,273 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/18 19:15:46 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/20 15:45:15 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2004/06/15 21:54:01 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/06/15 21:52:07 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/06/15 21:52:07 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/06/15 21:46:22 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSONRX600.ini
[2004/06/09 21:19:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/08 20:25:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2004/06/08 20:24:48 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2004/06/08 20:24:47 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2004/06/08 20:24:39 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2004/06/08 20:24:39 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2004/06/08 20:24:36 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2004/05/20 10:49:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/20 10:41:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/20 10:33:58 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/05/20 10:33:43 | 00,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/05/20 10:33:43 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/05/20 10:33:43 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/05/20 10:33:43 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/05/20 10:33:18 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/05/20 10:31:26 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/20 10:08:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/02/10 14:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2004/01/23 08:03:50 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 12:18:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/22 14:59:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\DriverSetupApi.dll
[2003/07/08 12:41:48 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 14:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1979/12/31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2009/12/06 22:16:40 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/12/06 22:16:40 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2009/12/06 22:16:40 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 08:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2003/04/23 08:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2003/04/23 08:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 04:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 04:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 04:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %PROGRAMFILES%\*. >
[2005/06/01 21:57:06 | 00,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2004/07/20 15:45:12 | 00,000,000 | ---D | M] -- C:\Program Files\Access 97 Runtime
[2008/07/18 09:28:24 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/12/15 11:14:39 | 00,000,000 | ---D | M] -- C:\Program Files\Ahead
[2004/06/15 21:54:00 | 00,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2008/04/30 18:49:27 | 00,000,000 | ---D | M] -- C:\Program Files\Audible
[2007/08/01 21:10:34 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2004/05/20 10:31:00 | 00,000,000 | ---D | M] -- C:\Program Files\Classic PhoneTools
[2009/12/15 01:02:50 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/05/20 10:07:26 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/05/04 20:15:13 | 00,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/05/04 20:15:22 | 00,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2005/07/08 16:18:16 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/05/23 20:53:20 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2004/05/20 10:38:48 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2006/01/20 17:12:20 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Photo Printer 720
[2008/03/02 13:15:04 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/04/09 23:16:09 | 00,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2005/07/08 22:36:16 | 00,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2005/10/24 12:02:09 | 00,000,000 | ---D | M] -- C:\Program Files\eFax Messenger 4.0
[2004/06/15 21:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/12/20 19:32:41 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2007/08/01 21:41:31 | 00,000,000 | ---D | M] -- C:\Program Files\ETS Installs
[2008/12/10 22:07:54 | 00,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/01/24 21:24:42 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2004/06/09 21:46:03 | 00,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2009/12/14 22:14:40 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2004/06/08 20:58:20 | 00,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2008/07/18 19:47:06 | 00,000,000 | ---D | M] -- C:\Program Files\Illustrate
[2008/07/18 19:30:03 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/05/20 10:31:08 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/12/09 03:54:05 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/08/01 21:41:59 | 00,000,000 | ---D | M] -- C:\Program Files\iPass
[2006/04/05 01:35:36 | 00,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2005
[2007/03/11 12:45:04 | 00,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2006
[2005/04/08 16:38:45 | 00,000,000 | ---D | M] -- C:\Program Files\ItsDeductibleEX
[2004/05/20 10:39:05 | 00,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2005/10/01 19:36:51 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2008/07/18 19:31:26 | 00,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2004/05/20 10:35:10 | 00,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2009/12/09 01:14:50 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/19 23:23:15 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee
[2006/09/10 23:04:08 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2005/07/08 20:21:00 | 00,000,000 | ---D | M] -- C:\Program Files\McFunSoft Video Solution
[2009/02/17 21:43:27 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/06/08 20:49:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ACT
[2004/05/20 10:40:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/11 21:31:54 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/05/20 10:07:30 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/05/20 10:35:53 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2007/03/11 11:38:11 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/12/09 17:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Press Training Kit Exam Prep
[2009/12/10 21:42:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2004/05/20 10:41:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2004/06/08 22:11:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2004/06/08 21:23:22 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2005/05/23 22:26:31 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2004/05/20 10:39:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/12/10 22:07:55 | 00,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2004/05/20 10:30:52 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2004/05/20 10:31:14 | 00,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2009/02/17 21:33:15 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/12/08 23:11:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2004/06/08 21:45:36 | 00,000,000 | ---D | M] -- C:\Program Files\MSDN
[2008/12/16 23:43:08 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/05/20 10:07:20 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/20 10:07:24 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2004/05/20 10:37:48 | 00,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2006/12/15 11:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/02/17 21:29:15 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/05/23 22:32:25 | 00,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2004/05/20 10:07:26 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2004/10/18 11:08:15 | 00,000,000 | ---D | M] -- C:\Program Files\Open Workbench
[2009/09/09 00:44:55 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/08/29 22:28:53 | 00,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2006/01/04 00:39:45 | 00,000,000 | ---D | M] -- C:\Program Files\PM FASTrack
[2004/05/20 10:35:08 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/05/20 10:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2007/08/01 20:27:16 | 00,000,000 | ---D | M] -- C:\Program Files\RSA Security
[2005/07/08 23:15:41 | 00,000,000 | ---D | M] -- C:\Program Files\Sigma Player
[2004/06/15 21:53:30 | 00,000,000 | ---D | M] -- C:\Program Files\Smart Panel
[2006/11/15 21:08:30 | 00,000,000 | ---D | M] -- C:\Program Files\SnapStickers
[2004/05/20 10:31:28 | 00,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/03/24 20:50:39 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2005/11/02 17:48:23 | 00,000,000 | ---D | M] -- C:\Program Files\support.com
[2008/12/10 22:07:55 | 00,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2007/12/05 21:03:14 | 00,000,000 | ---D | M] -- C:\Program Files\Transcender
[2009/12/09 02:14:22 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/03/24 20:10:03 | 00,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2005/07/20 19:39:23 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/10/25 00:09:54 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2005/07/08 22:11:21 | 00,000,000 | ---D | M] -- C:\Program Files\vso
[2005/05/23 21:29:45 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal Viewer
[2008/07/18 18:08:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/02/17 21:29:11 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/17 21:29:06 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/16 18:59:40 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/05/20 10:07:28 | 00,000,000 | ---D | M] -- C:\Program Files\XEROX
[2004/05/20 10:47:31 | 00,000,000 | ---D | M] -- C:\Program Files\Your Company Name

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-21 05:31:45

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



Extras.txt

OTL Extras logfile created on: 12/22/2009 11:46:38 AM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Our Downloads\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 25.56 Gb Free Space | 22.88% Space Free | Partition Type: NTFS
Drive D: | 27.95 Gb Total Space | 27.88 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEHLINGFABFIVE
Current User Name: Eve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\mqsvc.exe" = C:\WINDOWS\SYSTEM32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\WINDOWS\SYSTEM32\mqsvc.exe" = C:\WINDOWS\SYSTEM32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04214FC6-598A-4819-A1BC-7AC88242C437}" = eFax Messenger 4.0
"{0594472B-42DC-4E29-A161-2CCC011AE7DE}" = TurboTax 2008 wmniper
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3C7A488C-5093-4130-91AC-7A0DD7FCD970}" = Microsoft Press Training Kit Exam Prep Suite 70-536
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{50EE4C77-15A1-11D6-8C3F-0050DA81FFD8}" = RSA SecurID Software Token
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5DF68560-292A-11D5-99D1-00010256D40E}" = DV Studio3
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.2
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90560409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio for Enterprise Architects SR-1 [English]
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003 Trial
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6FFA58-F491-11D3-8951-000000027821}" = iPassConnect
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B8221906-224A-4494-BB97-55FC63740019}" = Cisco Systems VPN Client 4.6.01.0019
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BC03FCE8-388F-48C0-9600-B53ACB297B5F}" = ArcSoft Software Suite
"{C83855C4-B47C-4033-9655-E22CAB601B62}" = Open Workbench
"{CA532E73-1BB7-11D8-9D6A-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_07
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}" = Visual Studio .NET Enterprise Architect 2003 - English
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F12D0979-B2E1-4FAE-B5E3-9A1E6D0D89B4}" = MSDN Library - April 2004
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AudibleManager" = AudibleManager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"FinePrint2000" = FinePrint 2000
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{50EE4C77-15A1-11D6-8C3F-0050DA81FFD8}" = RSA SecurID Software Token
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McFunSoft Video Solution_is1" = McFunSoft Video Solution v3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PM FASTrack®" = PM FASTrack®
"PROSet" = Intel® PRO Network Adapters and Drivers
"Q903235" = Internet Explorer Q903235
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Sigma Player_is1" = Sigma Player 1.0
"Silent Package Run-Time Sample" = EPSON SPRX600 Reference Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"Transcender Test Engine" = Transcender Test Engine
"Transcender: Exam Cert-70-528CSHP " = Transcender: Exam Cert-70-528CSHP
"Transcender: Exam Cert-70-536CSHP " = Transcender: Exam Cert-70-536CSHP
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual SourceSafe 6.0" = Microsoft Visual SourceSafe 6.0
"Visual Studio .NET Enterprise Architect 2003 - English" = Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZEN (MTP) Media Explorer" = ZEN Media Explorer
"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2009 7:45:43 AM | Computer Name = GEHLINGFABFIVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/6/2009 1:59:45 PM | Computer Name = GEHLINGFABFIVE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x60143840.

Error - 11/25/2009 2:04:13 AM | Computer Name = GEHLINGFABFIVE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 11/27/2009 12:39:45 PM | Computer Name = GEHLINGFABFIVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2009 2:04:14 AM | Computer Name = GEHLINGFABFIVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2009 12:55:10 AM | Computer Name = GEHLINGFABFIVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2009 4:44:01 AM | Computer Name = GEHLINGFABFIVE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2108 (0x83c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\DOCUMENTS AND SETTINGS\EVE\LOCAL
SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LHYX1F4N\COMBOFIX[1].EXE by C:\Program
Files\Spyware Doctor\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 12/15/2009 1:13:23 AM | Computer Name = GEHLINGFABFIVE | Source = pctsSvc.exe | ID = 0
Description =

Error - 12/20/2009 10:57:29 PM | Computer Name = GEHLINGFABFIVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2009 11:32:42 PM | Computer Name = GEHLINGFABFIVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/20/2009 11:26:12 PM | Computer Name = GEHLINGFABFIVE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 12/20/2009 11:32:37 PM | Computer Name = GEHLINGFABFIVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/20/2009 11:33:37 PM | Computer Name = GEHLINGFABFIVE | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Services service, but
this action failed with the following error: %%1056

Error - 12/20/2009 11:35:21 PM | Computer Name = GEHLINGFABFIVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/20/2009 11:35:32 PM | Computer Name = GEHLINGFABFIVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/20/2009 11:35:36 PM | Computer Name = GEHLINGFABFIVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Run the configured recovery program.

Error - 12/20/2009 11:40:14 PM | Computer Name = GEHLINGFABFIVE | Source = System Error | ID = 1003
Description = Error code d0000144, parameter1 c0000005, parameter2 0034000a, parameter3
00000000, parameter4 0034000a.

Error - 12/20/2009 11:44:29 PM | Computer Name = GEHLINGFABFIVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/20/2009 11:45:32 PM | Computer Name = GEHLINGFABFIVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Run the configured recovery program.

Error - 12/21/2009 12:00:03 AM | Computer Name = GEHLINGFABFIVE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 896a48d4.


< End of report >
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#5
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
Hi -

Sorry, but I am unable to run GMER. Each time I try it runs for over an hour and then something happens where the cpu max's out. GMER continues to run but very very slowly but then I eventually get the blue screen of death. I can reboot, but I get the same result if I try GMER again. Any other suggestions? Thanks.
  • 0

#6
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
fyi - I will be away for a few days over the holidays, but will keep checking for postings and follow any further instructions. Thanks.
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#8
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
Hi -

I tried downloaded combofix, but McAfee kept quarantining it, so I ended up turning McAfee off and saving the file as combo-fix.exe and was able to run it. Hope that was ok. Below is the combofix.txt log. Thanks.

ComboFix 09-12-26.05 - Eve 12/27/2009 17:54:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2516 [GMT -6:00]
Running from: c:\documents and settings\Eve\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-25 17:00 . 2009-12-25 17:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-25 17:00 . 2009-12-25 17:00 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-25 16:59 . 2009-12-25 16:59 71502672 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\DidjPlugin.exe
2009-12-25 16:57 . 2009-12-25 17:00 -------- d-----w- c:\program files\LeapFrog
2009-12-25 16:57 . 2009-12-25 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2009-12-21 03:38 . 2009-12-21 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-21 01:32 . 2009-12-21 01:32 -------- d-----w- c:\program files\ERUNT
2009-12-15 04:14 . 2009-12-15 04:15 -------- d-----w- c:\documents and settings\Eve\Application Data\HpUpdate
2009-12-15 04:13 . 2009-12-15 04:13 -------- d-----w- c:\windows\Hewlett-Packard
2009-12-09 08:28 . 2009-12-09 08:28 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2009-12-09 08:14 . 2009-12-09 08:14 -------- d-----w- c:\program files\Trend Micro
2009-12-09 08:10 . 2009-12-09 08:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-09 08:10 . 2009-12-09 08:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-12-09 08:02 . 2009-12-09 08:02 -------- d-----w- c:\documents and settings\Eve\Local Settings\Application Data\Threat Expert
2009-12-09 07:45 . 2009-12-15 05:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\documents and settings\Eve\Application Data\Malwarebytes
2009-12-09 05:30 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 05:30 . 2009-12-09 07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 05:30 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 04:57 . 2009-12-09 04:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-09 04:31 . 2009-12-09 04:31 -------- d-----w- c:\documents and settings\Eve\Application Data\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 05:23 . 2004-11-14 04:35 -------- d-----w- c:\program files\McAfee
2009-12-15 04:14 . 2006-12-14 20:47 -------- d-----w- c:\program files\HP
2009-12-11 03:42 . 2008-03-30 02:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-07 04:16 . 1980-01-01 05:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-10-29 07:46 . 2006-06-23 16:33 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-05-14 09:13 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-08-29 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-08-29 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2005-09-15 23:26 . 2005-01-17 04:45 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-12-15_07.04.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 04:56 . 2006-12-02 04:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-12-27 23:38 . 2009-12-27 23:38 16384 c:\windows\Temp\Perflib_Perfdata_a00.dat
- 2004-05-20 16:20 . 2009-12-15 06:39 91922 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-05-20 16:20 . 2009-12-27 23:42 91922 c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-12-25 17:04 . 2009-12-25 17:04 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2004-01-23 14:03 . 2009-12-15 04:09 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2004-01-23 14:03 . 2009-12-27 23:26 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2009-12-09 09:34 . 2009-12-15 04:09 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-12-16 02:17 . 2009-12-27 23:26 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-05-20 16:41 . 2009-12-09 10:00 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-12-21 01:33 . 2009-12-21 01:33 8192 c:\windows\ERDNT\12-20-2009\Users\00000002\UsrClass.dat
+ 2004-05-20 16:20 . 2009-12-27 23:42 486806 c:\windows\SYSTEM32\PERFH009.DAT
- 2004-05-20 16:20 . 2009-12-15 06:39 486806 c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-08-03 21:07 . 2009-08-03 21:07 230768 c:\windows\SYSTEM32\OGAEXEC.exe
+ 2009-08-03 21:07 . 2009-08-03 21:07 403816 c:\windows\SYSTEM32\OGACheckControl.dll
+ 2009-08-03 21:07 . 2009-08-03 21:07 322928 c:\windows\SYSTEM32\OGAAddin.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2006-11-11 04:48 . 2009-12-27 23:42 268888 c:\windows\SYSTEM32\INETSRV\MetaBase.bin
+ 2009-12-21 01:04 . 2009-12-21 01:04 119296 c:\windows\Installer\49701.msi
- 2004-05-20 16:41 . 2009-12-09 10:00 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2004-05-20 16:41 . 2009-12-09 10:00 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2004-05-20 16:41 . 2009-12-21 05:31 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-12-21 01:33 . 2005-10-20 18:02 163328 c:\windows\ERDNT\12-20-2009\ERDNT.EXE
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2009-12-25 17:01 . 2009-12-25 17:01 1033728 c:\windows\Installer\be360.msi
+ 2009-12-25 17:00 . 2009-12-25 17:00 7610880 c:\windows\Installer\be35a.msi
+ 2009-12-17 04:58 . 2009-12-17 04:58 5382144 c:\windows\Installer\55c81b.msp
+ 2009-12-21 01:33 . 2009-12-21 01:33 9007104 c:\windows\ERDNT\12-20-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMCSTA.EXE"="SMCSTA.EXE START" [X]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-05-20 77824]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 131072]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-04-20 53248]
"FinePrint Dispatcher v4"="c:\windows\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe" [2001-08-13 344064]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-07-14 53248]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-07-16 290816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]

c:\documents and settings\Jeff\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-6-8 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-1-20 315392]
eFax DllCmd 4.0.lnk - c:\program files\eFax Messenger 4.0\J2GDllCmd.exe [2005-10-24 107008]
eFax Tray Menu 4.0.lnk - c:\program files\eFax Messenger 4.0\J2GTray.exe [2005-10-24 500224]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
VPN Client.lnk - c:\windows\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2007-8-1 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\WINDOWS\\SYSTEM32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 Ndcprtns;Ndcprtns;c:\windows\SYSTEM32\DRIVERS\NDCPRTNS.sys [2/25/2000 12:27 PM 8184]
R2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [8/1/2007 9:41 PM 90112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/4/2008 10:00 PM 93320]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\SYSTEM32\DRIVERS\mdc80211.sys [8/1/2007 9:42 PM 15793]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2008 12:09 AM 24652]
S3 CW10;SMC 11Mbps EZ Connect Wireless Win2K Driver;c:\windows\SYSTEM32\DRIVERS\CW10.sys [11/28/2000 2:05 PM 45096]
S3 NHCI;NHCI;c:\windows\system32\DRIVERS\nhci.sys --> c:\windows\system32\DRIVERS\nhci.sys [?]
S3 NHCIENUM;NHCIENUM;c:\windows\system32\DRIVERS\nhcienum.sys --> c:\windows\system32\DRIVERS\nhcienum.sys [?]
S3 SMC;SMC EZ Connect Wireless LAN Driver;c:\windows\SYSTEM32\DRIVERS\SMCNDS.sys [6/6/2004 9:41 PM 51712]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = webproxy.int.westgroup.com:80
uInternet Settings,ProxyOverride = *.thomson.com;*westgroup.com;*westlaw.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Eve\Application Data\Mozilla\Firefox\Profiles\7jji0477.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 18:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4272)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-27 18:03:52
ComboFix-quarantined-files.txt 2009-12-28 00:03
ComboFix2.txt 2009-12-15 07:07
ComboFix3.txt 2009-12-09 09:31

Pre-Run: 27,209,633,792 bytes free
Post-Run: 27,171,434,496 bytes free

- - End Of File - - 19B4C2A15C410F9B53321974E3226352
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Mia::
c:\windows\system32\drivers\atapi.sys

KillAll::

Driver::
NHCI
NHCIENUM

File::
c:\windows\system32\DRIVERS\nhci.sys
c:\windows\system32\DRIVERS\nhcienum.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#10
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
Here is the new combofix.txt log.

ComboFix 09-12-27.04 - Eve 12/28/2009 10:36:23.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2524 [GMT -6:00]
Running from: c:\documents and settings\Eve\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Eve\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\DRIVERS\nhci.sys"
"c:\windows\system32\DRIVERS\nhcienum.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NHCI
-------\Service_NHCIENUM


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-25 17:00 . 2009-12-25 17:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-25 16:57 . 2009-12-25 17:00 -------- d-----w- c:\program files\LeapFrog
2009-12-25 16:57 . 2009-12-25 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2009-12-21 03:38 . 2009-12-21 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-21 01:32 . 2009-12-21 01:32 -------- d-----w- c:\program files\ERUNT
2009-12-15 04:14 . 2009-12-15 04:15 -------- d-----w- c:\documents and settings\Eve\Application Data\HpUpdate
2009-12-15 04:13 . 2009-12-15 04:13 -------- d-----w- c:\windows\Hewlett-Packard
2009-12-09 08:28 . 2009-12-09 08:28 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2009-12-09 08:14 . 2009-12-09 08:14 -------- d-----w- c:\program files\Trend Micro
2009-12-09 08:10 . 2009-12-09 08:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-09 08:10 . 2009-12-09 08:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-12-09 08:02 . 2009-12-09 08:02 -------- d-----w- c:\documents and settings\Eve\Local Settings\Application Data\Threat Expert
2009-12-09 07:45 . 2009-12-15 05:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\documents and settings\Eve\Application Data\Malwarebytes
2009-12-09 05:30 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 05:30 . 2009-12-09 07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 05:30 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 04:57 . 2009-12-09 04:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-09 04:31 . 2009-12-09 04:31 -------- d-----w- c:\documents and settings\Eve\Application Data\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 17:00 . 2009-12-25 17:00 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-25 16:59 . 2009-12-25 16:59 71502672 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\DidjPlugin.exe
2009-12-20 05:23 . 2004-11-14 04:35 -------- d-----w- c:\program files\McAfee
2009-12-15 04:14 . 2006-12-14 20:47 -------- d-----w- c:\program files\HP
2009-12-11 03:42 . 2008-03-30 02:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-07 04:16 . 1980-01-01 05:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-10-29 07:46 . 2006-06-23 16:33 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-05-14 09:13 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-08-29 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-08-29 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2005-09-15 23:26 . 2005-01-17 04:45 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMCSTA.EXE"="SMCSTA.EXE START" [X]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-05-20 77824]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 131072]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-04-20 53248]
"FinePrint Dispatcher v4"="c:\windows\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe" [2001-08-13 344064]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-07-14 53248]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-07-16 290816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]

c:\documents and settings\Jeff\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-6-8 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-1-20 315392]
eFax DllCmd 4.0.lnk - c:\program files\eFax Messenger 4.0\J2GDllCmd.exe [2005-10-24 107008]
eFax Tray Menu 4.0.lnk - c:\program files\eFax Messenger 4.0\J2GTray.exe [2005-10-24 500224]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
VPN Client.lnk - c:\windows\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2007-8-1 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\WINDOWS\\SYSTEM32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 Ndcprtns;Ndcprtns;c:\windows\SYSTEM32\DRIVERS\NDCPRTNS.sys [2/25/2000 12:27 PM 8184]
R2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [8/1/2007 9:41 PM 90112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/4/2008 10:00 PM 93320]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\SYSTEM32\DRIVERS\mdc80211.sys [8/1/2007 9:42 PM 15793]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2008 12:09 AM 24652]
S3 CW10;SMC 11Mbps EZ Connect Wireless Win2K Driver;c:\windows\SYSTEM32\DRIVERS\CW10.sys [11/28/2000 2:05 PM 45096]
S3 SMC;SMC EZ Connect Wireless LAN Driver;c:\windows\SYSTEM32\DRIVERS\SMCNDS.sys [6/6/2004 9:41 PM 51712]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = webproxy.int.westgroup.com:80
uInternet Settings,ProxyOverride = *.thomson.com;*westgroup.com;*westlaw.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Eve\Application Data\Mozilla\Firefox\Profiles\7jji0477.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 10:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\DRIVERS\CDANTSRV.EXE
c:\windows\System32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\System32\msdtc.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\System32\mqsvc.exe
c:\windows\System32\mqtgsvc.exe
c:\windows\system32\SMCSTA.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPass\iPassConnect\downloader\ipccheck.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-12-28 10:53:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-28 16:53
ComboFix2.txt 2009-12-28 00:03
ComboFix3.txt 2009-12-15 07:07
ComboFix4.txt 2009-12-09 09:31

Pre-Run: 27,165,650,944 bytes free
Post-Run: 26,991,669,248 bytes free

- - End Of File - - 19017D254B937467946CB7CB92DFB925
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#12
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
Hi -

Thanks. Below are the MBAM and Kaspersky logs. Looks like MBAM did not find anything but Kaspersky did.

Malwarebytes' Anti-Malware 1.42
Database version: 3444
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/28/2009 1:02:05 PM
mbam-log-2009-12-28 (13-02-05).txt

Scan type: Quick Scan
Objects scanned: 138021
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, December 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, December 28, 2009 19:01:30
Records in database: 3414046
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 138351
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:22:43


File name / Threat / Threats count
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\outlook.ost Infected: Trojan-Spy.HTML.Bankfraud.ca 1
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\outlook0.ost Infected: Trojan-Spy.HTML.Wamufraud.bo 2
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\outlook0.ost Infected: Trojan-Spy.HTML.Bankfraud.ca 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1

Selected area has been scanned.
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download LockSearch to your desktop
  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply


[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#14
gehl

gehl

    New Member

  • Member
  • Pip
  • 9 posts
Wow! Thanks for the quick reply. Below are the LockSearch and OTL logs.

LockSearch by jpshortstuff (05.11.09.1)
Log created at 16:28 on 28/12/2009 (Eve)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------


C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1348\A0146746.exe
-------------------------


C:\WINDOWS\$NtUninstallKB824141$\user32.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll [DE2DB164BBB35DB061AF0997E4499054 : 577024 bytes]
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [1800F293BCCC8EDE8A70E12B88D80036 : 577024 bytes]
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [7AA4F6C00405DFC4B70ED4214E7D687B : 578048 bytes]
C:\WINDOWS\$NtServicePackUninstall$\user32.dll [B409909F6E2E8A7067076ED748ABF1E7 : 577536 bytes]
C:\WINDOWS\$NtUninstallKB824141$\user32.dll [Unable to get md5 : 528896 bytes]
C:\WINDOWS\$NtUninstallKB840987$\user32.dll [32173306185F603E75C477E117F3BB8D : 560128 bytes]
C:\WINDOWS\$NtUninstallKB890859$\user32.dll [C72661F8552ACE7C5C85E16A3CF505C4 : 577024 bytes]
C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll [0706E1CD6B89800781DB038F4B3F5654 : 574464 bytes]
C:\WINDOWS\$NtUninstallKB891711$\user32.dll [31FB2D788A9AA618452C02E8375B6DCD : 560128 bytes]
C:\WINDOWS\$NtUninstallKB925902$\user32.dll [DE2DB164BBB35DB061AF0997E4499054 : 577024 bytes]
C:\WINDOWS\ERDNT\cache\user32.dll [B26B135FF1B9F60C9388B4A7D16F600B : 578560 bytes]
C:\WINDOWS\ServicePackFiles\i386\user32.dll [B26B135FF1B9F60C9388B4A7D16F600B : 578560 bytes]
C:\WINDOWS\SYSTEM32\user32.dll [B26B135FF1B9F60C9388B4A7D16F600B : 578560 bytes]


C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
-------------------------
C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\win32k.sys [D9228D813D601BA27AF486D4D167C83E : 1836288 bytes]
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys [F92DA2BB088A56B3A5FB8151E58F2964 : 1836160 bytes]
C:\WINDOWS\$hf_mig$\KB896424\SP2GDR\win32k.sys [AD247B4B1EB5FA17C73908CFAE001237 : 1839488 bytes]
C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys [98D0393AEBA65F52FE5B66845C5F3A6A : 1839360 bytes]
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys [B9D8F5E6D1A7AC9977CC50ECE7C7FF74 : 1843968 bytes]
C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys [86E966164A647BE68EC6941B84BEF123 : 1845888 bytes]
C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys [692E8FC363300FA7951594A1A7A1F193 : 1846912 bytes]
C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys [1D20198F208006C3BB5ACB50D32CFC66 : 1847552 bytes]
C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys [7CEDA3396DECF312144BC788D699EE48 : 1847808 bytes]
C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys [F6B54A56F02D24BF43E72662D44A6B14 : 1859712 bytes]
C:\WINDOWS\$NtServicePackUninstall$\win32k.sys [E0F718290D19531FD10328EFB09808EC : 1845248 bytes]
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys [Unable to get md5 : 1677056 bytes]
C:\WINDOWS\$NtUninstallKB840987$\win32k.sys [B119A168C9E9E1C346890D7607B7BFFA : 1796864 bytes]
C:\WINDOWS\$NtUninstallKB890859$\win32k.sys [B74C69A810949E7A54DC688CAE662206 : 1835904 bytes]
C:\WINDOWS\$NtUninstallKB890859_0$\win32k.sys [FE5C17327038423078CD3E24528F6B8C : 1845888 bytes]
C:\WINDOWS\$NtUninstallKB896424$\win32k.sys [D9228D813D601BA27AF486D4D167C83E : 1836288 bytes]
C:\WINDOWS\$NtUninstallKB896424_0$\win32k.sys [19942397B8E7FD8B2F5C7E0CDC48C120 : 1797120 bytes]
C:\WINDOWS\$NtUninstallKB925902$\win32k.sys [AD247B4B1EB5FA17C73908CFAE001237 : 1839488 bytes]
C:\WINDOWS\$NtUninstallKB941693$\win32k.sys [5B5AD4F40BE00F56F51F286BE72C0376 : 1843584 bytes]
C:\WINDOWS\$NtUninstallKB954211$\win32k.sys [DE01D79A607C7B9AE7FF88E934D0FFB2 : 1845632 bytes]
C:\WINDOWS\$NtUninstallKB958690$\win32k.sys [D21A189185D3A74512CC8E68F16E3FCF : 1846400 bytes]
C:\WINDOWS\$NtUninstallKB968537$\win32k.sys [16B961A0552BC09B9E3A338FC816FFE5 : 1846784 bytes]
C:\WINDOWS\$NtUninstallKB969947$\win32k.sys [B707EA8E261F47B51CAC6FB7AF7770F6 : 1847168 bytes]
C:\WINDOWS\ServicePackFiles\i386\win32k.sys [DE01D79A607C7B9AE7FF88E934D0FFB2 : 1845632 bytes]
C:\WINDOWS\SYSTEM32\win32k.sys [716ED09D8D9A9E1E4A03549B32B68186 : 1850624 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys [716ED09D8D9A9E1E4A03549B32B68186 : 1850624 bytes]


C:\WINDOWS\$NtUninstallKB833998$\shell32.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB890047\SP2GDR\shell32.dll [5DB5F53F801B616F4B4B7CAE6EE7D1C6 : 8450048 bytes]
C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\shell32.dll [88F8875E045AEC0C335E73B9A1FC176E : 8451072 bytes]
C:\WINDOWS\$hf_mig$\KB893086\SP2GDR\shell32.dll [9833F278924D028414D7F89BFD4FC46B : 8450048 bytes]
C:\WINDOWS\$hf_mig$\KB893086\SP2QFE\shell32.dll [564A479E5FC3A1BC66E2F8082682DAC2 : 8451584 bytes]
C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\shell32.dll [C1BCFEC67E712B6A00AD00ADFCBFD02E : 8450560 bytes]
C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll [2B7DD09E1DE64B094409E3D43E248716 : 8452608 bytes]
C:\WINDOWS\$hf_mig$\KB908531\SP2GDR\shell32.dll [6DDC1304FC3E6849D2BAD23D95E9573B : 8452096 bytes]
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll [5371E3BAE6FA21C26730C19FA8819335 : 8454656 bytes]
C:\WINDOWS\$hf_mig$\KB921398\SP2GDR\shell32.dll [F056B4771408966694DE5D9BF79B48F8 : 8453632 bytes]
C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll [BCDA9264F73B21DF325A10D99C6FB44A : 8457728 bytes]
C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll [C21253CC2EA4001EB3D93CD98E9B35FE : 8458752 bytes]
C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll [3BE4C2E84D99889685FE2B68E5FA2A9D : 8460288 bytes]
C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll [270CE1BFDF019A3D7527F1DA6FB1FA96 : 8461824 bytes]
C:\WINDOWS\$NtServicePackUninstall$\shell32.dll [BC061480F01EAB948744C6C5E24FB7A8 : 8454656 bytes]
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll [Unable to get md5 : 8240640 bytes]
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll [6EC8160F640537FB48D1089F420A17E7 : 8348160 bytes]
C:\WINDOWS\$NtUninstallKB841356$\shell32.dll [F309891FCF2E3184DF2614BF32C79757 : 8350720 bytes]
C:\WINDOWS\$NtUninstallKB890047$\shell32.dll [D5988A5048E4DC7175BCA9F29FC144AE : 8384000 bytes]
C:\WINDOWS\$NtUninstallKB890047_0$\shell32.dll [ACC50AD09F2C940C3F91F9F8AA4EB5A6 : 8442368 bytes]
C:\WINDOWS\$NtUninstallKB893086$\shell32.dll [5DB5F53F801B616F4B4B7CAE6EE7D1C6 : 8450048 bytes]
C:\WINDOWS\$NtUninstallKB893086_0$\shell32.dll [1B4BA24DC5380898859A80A6F0F56908 : 8443904 bytes]
C:\WINDOWS\$NtUninstallKB900725$\shell32.dll [9833F278924D028414D7F89BFD4FC46B : 8450048 bytes]
C:\WINDOWS\$NtUninstallKB900725_0$\shell32.dll [0F8E9DA97906EC022C93E5FB0D4757DA : 8348672 bytes]
C:\WINDOWS\$NtUninstallKB908531$\shell32.dll [C1BCFEC67E712B6A00AD00ADFCBFD02E : 8450560 bytes]
C:\WINDOWS\$NtUninstallKB908531_0$\shell32.dll [6F6145132D3272F2DC1788B0B0D51698 : 8348672 bytes]
C:\WINDOWS\$NtUninstallKB921398$\shell32.dll [6DDC1304FC3E6849D2BAD23D95E9573B : 8452096 bytes]
C:\WINDOWS\$NtUninstallKB921398_0$\shell32.dll [3534C06EE3546A66C8AEDD2B00D5AA60 : 8351232 bytes]
C:\WINDOWS\$NtUninstallKB928255$\shell32.dll [F056B4771408966694DE5D9BF79B48F8 : 8453632 bytes]
C:\WINDOWS\$NtUninstallKB943460$\shell32.dll [ABFCBDA41D2BD08BAA1B0B2DB558DF03 : 8453632 bytes]
C:\WINDOWS\$NtUninstallKB967715$\shell32.dll [0CF50B1F45DAB08430C1DBB79FE2CA5B : 8461312 bytes]
C:\WINDOWS\ServicePackFiles\i386\shell32.dll [0CF50B1F45DAB08430C1DBB79FE2CA5B : 8461312 bytes]
C:\WINDOWS\SYSTEM32\shell32.dll [08B99916C98E15F6C28D24D73E53B45A : 8461312 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll [08B99916C98E15F6C28D24D73E53B45A : 8461312 bytes]


C:\WINDOWS\$NtUninstallKB833998$\sxs.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll [2E3C3FDF3D742CF33A0A5044377A1848 : 713216 bytes]
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll [0FF9FA27706FBE9048990C108C0D62F0 : 713216 bytes]
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll [Unable to get md5 : 674816 bytes]
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll [66EF5FF1DF1184CDE6FE6CDC18B4B4B6 : 676864 bytes]
C:\WINDOWS\$NtUninstallKB841356$\sxs.dll [E9D556777F58A8ACCCDA895D6D15A2A8 : 676864 bytes]
C:\WINDOWS\$NtUninstallKB926255$\sxs.dll [BCDF5F4BAE714231ECC916A1EF724627 : 713216 bytes]
C:\WINDOWS\ServicePackFiles\i386\sxs.dll [694503348B586E99D56C0E30AB5B3EF8 : 713216 bytes]
C:\WINDOWS\SYSTEM32\sxs.dll [694503348B586E99D56C0E30AB5B3EF8 : 713216 bytes]


C:\WINDOWS\$NtUninstallKB837001$\dao360.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll [54E10AD6EBBEDCB221ADED5D9F0C8F3F : 554008 bytes]
C:\WINDOWS\$NtServicePackUninstall$\dao360.dll [9BEEEE396F4D2DDDE42DB8CFDAF69B53 : 561179 bytes]
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll [Unable to get md5 : 557128 bytes]
C:\WINDOWS\$NtUninstallKB950749$\dao360.dll [9BEEEE396F4D2DDDE42DB8CFDAF69B53 : 561179 bytes]
C:\WINDOWS\ServicePackFiles\i386\dao360.dll [54E10AD6EBBEDCB221ADED5D9F0C8F3F : 554008 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll [54E10AD6EBBEDCB221ADED5D9F0C8F3F : 554008 bytes]


C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll
-------------------------
C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll [7695224003DDA59BFB9BDD62EDAC169F : 380957 bytes]
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll [Unable to get md5 : 380445 bytes]
C:\WINDOWS\ServicePackFiles\i386\expsrv.dll [BE87245CE60329B31C94F1B4236E5832 : 380445 bytes]
C:\WINDOWS\SYSTEM32\expsrv.dll [BE87245CE60329B31C94F1B4236E5832 : 380445 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll [26FC52194D0DAC7E7D5223856AF94C14 : 518944 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msexch40.dll [40DAA636B470A13ADD3EF4B5CA2CC64D : 512029 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll [Unable to get md5 : 512031 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll [40DAA636B470A13ADD3EF4B5CA2CC64D : 512029 bytes]
C:\WINDOWS\ServicePackFiles\i386\msexch40.dll [26FC52194D0DAC7E7D5223856AF94C14 : 518944 bytes]
C:\WINDOWS\SYSTEM32\msexch40.dll [26FC52194D0DAC7E7D5223856AF94C14 : 518944 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll [26FC52194D0DAC7E7D5223856AF94C14 : 518944 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll [796B32751FFB52319C0CBFE68D2B5D92 : 326432 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll [16DAE9220397C640668F36789DBF4AF8 : 319517 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll [Unable to get md5 : 319519 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll [16DAE9220397C640668F36789DBF4AF8 : 319517 bytes]
C:\WINDOWS\ServicePackFiles\i386\msexcl40.dll [796B32751FFB52319C0CBFE68D2B5D92 : 326432 bytes]
C:\WINDOWS\SYSTEM32\msexcl40.dll [796B32751FFB52319C0CBFE68D2B5D92 : 326432 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll [796B32751FFB52319C0CBFE68D2B5D92 : 326432 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll [9E70016C950B1F8FDEAA6F067E2E25A8 : 1516568 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msjet40.dll [220320F029E321617E6799BB24E97B97 : 1507356 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll [Unable to get md5 : 1503262 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll [220320F029E321617E6799BB24E97B97 : 1507356 bytes]
C:\WINDOWS\ServicePackFiles\i386\msjet40.dll [9E70016C950B1F8FDEAA6F067E2E25A8 : 1516568 bytes]
C:\WINDOWS\SYSTEM32\msjet40.dll [9E70016C950B1F8FDEAA6F067E2E25A8 : 1516568 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll [9E70016C950B1F8FDEAA6F067E2E25A8 : 1516568 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll
-------------------------
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll [Unable to get md5 : 348195 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll [643B75CD0B2159566433A0B73B034014 : 358976 bytes]
C:\WINDOWS\SYSTEM32\msjetoledb40.dll [077F067C69073D1EBC84984E7FE5BA44 : 355112 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll [92F7261F2182AA32C1C247C6DDFEF90C : 151583 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msjint40.dll [92F7261F2182AA32C1C247C6DDFEF90C : 151583 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll [Unable to get md5 : 151626 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll [6838B8B8AA024ACB0A97F47A46FAF4CD : 151583 bytes]
C:\WINDOWS\ServicePackFiles\i386\msjint40.dll [7E2B58CE8C4013287371667880B1080D : 151583 bytes]
C:\WINDOWS\SYSTEM32\msjint40.dll [7E2B58CE8C4013287371667880B1080D : 151583 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll [0D14F07B29FBF0D750AA2495DD72B968 : 60192 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msjter40.dll [02F3791C92368F6741C955E8C2F08681 : 53279 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll [Unable to get md5 : 53322 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll [02F3791C92368F6741C955E8C2F08681 : 53279 bytes]
C:\WINDOWS\ServicePackFiles\i386\msjter40.dll [0D14F07B29FBF0D750AA2495DD72B968 : 60192 bytes]
C:\WINDOWS\SYSTEM32\msjter40.dll [0D14F07B29FBF0D750AA2495DD72B968 : 60192 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll [0D14F07B29FBF0D750AA2495DD72B968 : 60192 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll [E5DE87DDDB8CBE4687EADF296E58452A : 248608 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll [371734DDAA9848D13CD4DE49696A965D : 241693 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll [Unable to get md5 : 241695 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll [371734DDAA9848D13CD4DE49696A965D : 241693 bytes]
C:\WINDOWS\ServicePackFiles\i386\msjtes40.dll [E5DE87DDDB8CBE4687EADF296E58452A : 248608 bytes]
C:\WINDOWS\SYSTEM32\msjtes40.dll [E5DE87DDDB8CBE4687EADF296E58452A : 248608 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll [E5DE87DDDB8CBE4687EADF296E58452A : 248608 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll [A766D8571D6E9EEFF5E7118744BC926F : 219936 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msltus40.dll [BE5B8A031A466523201FCC356F56DE95 : 213023 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll [Unable to get md5 : 213023 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll [BE5B8A031A466523201FCC356F56DE95 : 213023 bytes]
C:\WINDOWS\ServicePackFiles\i386\msltus40.dll [A766D8571D6E9EEFF5E7118744BC926F : 219936 bytes]
C:\WINDOWS\SYSTEM32\msltus40.dll [A766D8571D6E9EEFF5E7118744BC926F : 219936 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll [A766D8571D6E9EEFF5E7118744BC926F : 219936 bytes]


C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll [F0135128BA2FBF86FA49C43FD8A37972 : 355104 bytes]
C:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll [712EF673380341AF72EC504576247ACA : 348189 bytes]
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll [Unable to get md5 : 348191 bytes]
C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll [712EF673380341AF72EC504576247ACA : 348189 bytes]
C:\WINDOWS\ServicePackFiles\i386\mspbde40.dll [F0135128BA2FBF86FA49C43FD8A37972 : 355104 bytes]
C:\WINDOWS\SYSTEM32\mspbde40.dll [F0135128BA2FBF86FA49C43FD8A37972 : 355104 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll [F0135128BA2FBF86FA49C43FD8A37972 : 355104 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll [EEB9E8A3C4C0ABCB89037EE9CC74F3CC : 432928 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msrd2x40.dll [5194277DDA7FD05FCEF6CF720AF93D0B : 421919 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll [Unable to get md5 : 421919 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll [5194277DDA7FD05FCEF6CF720AF93D0B : 421919 bytes]
C:\WINDOWS\ServicePackFiles\i386\msrd2x40.dll [EEB9E8A3C4C0ABCB89037EE9CC74F3CC : 432928 bytes]
C:\WINDOWS\SYSTEM32\msrd2x40.dll [EEB9E8A3C4C0ABCB89037EE9CC74F3CC : 432928 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll [EEB9E8A3C4C0ABCB89037EE9CC74F3CC : 432928 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll [7B9245A87145B4C0B1C412F26F5BE662 : 322336 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msrd3x40.dll [46F5CAD93C8BC94ACE84C896722D63BF : 315423 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll [Unable to get md5 : 315466 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll [46F5CAD93C8BC94ACE84C896722D63BF : 315423 bytes]
C:\WINDOWS\ServicePackFiles\i386\msrd3x40.dll [7B9245A87145B4C0B1C412F26F5BE662 : 322336 bytes]
C:\WINDOWS\SYSTEM32\msrd3x40.dll [7B9245A87145B4C0B1C412F26F5BE662 : 322336 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll [7B9245A87145B4C0B1C412F26F5BE662 : 322336 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll [030686BB296ACEDFBF7F92BEE328AB3A : 559904 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msrepl40.dll [2109BF94120B78D95888F88673C786AB : 552989 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll [Unable to get md5 : 552991 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll [2109BF94120B78D95888F88673C786AB : 552989 bytes]
C:\WINDOWS\ServicePackFiles\i386\msrepl40.dll [030686BB296ACEDFBF7F92BEE328AB3A : 559904 bytes]
C:\WINDOWS\SYSTEM32\msrepl40.dll [030686BB296ACEDFBF7F92BEE328AB3A : 559904 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll [030686BB296ACEDFBF7F92BEE328AB3A : 559904 bytes]


C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll [383297E2D7C5D4E54DB6F448DACBB026 : 264992 bytes]
C:\WINDOWS\$NtServicePackUninstall$\mstext40.dll [9581D46D917EF57636110A710C33B543 : 258077 bytes]
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll [Unable to get md5 : 253983 bytes]
C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll [9581D46D917EF57636110A710C33B543 : 258077 bytes]
C:\WINDOWS\ServicePackFiles\i386\mstext40.dll [383297E2D7C5D4E54DB6F448DACBB026 : 264992 bytes]
C:\WINDOWS\SYSTEM32\mstext40.dll [383297E2D7C5D4E54DB6F448DACBB026 : 264992 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll [383297E2D7C5D4E54DB6F448DACBB026 : 264992 bytes]


C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll [E294A5F16D91D654C4CA0140379D2D28 : 838432 bytes]
C:\WINDOWS\$NtServicePackUninstall$\mswdat10.dll [113661199BFB9CE4559DB3B975E4C2C0 : 831519 bytes]
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll [Unable to get md5 : 831562 bytes]
C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll [113661199BFB9CE4559DB3B975E4C2C0 : 831519 bytes]
C:\WINDOWS\ServicePackFiles\i386\mswdat10.dll [E294A5F16D91D654C4CA0140379D2D28 : 838432 bytes]
C:\WINDOWS\SYSTEM32\mswdat10.dll [E294A5F16D91D654C4CA0140379D2D28 : 838432 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll [E294A5F16D91D654C4CA0140379D2D28 : 838432 bytes]


C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll [AFDC647D16B285B9AE6140335B3B3255 : 621344 bytes]
C:\WINDOWS\$NtServicePackUninstall$\mswstr10.dll [D1595C1EB2C3430EFB5BD997ED5C86A7 : 614429 bytes]
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll [Unable to get md5 : 614474 bytes]
C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll [D1595C1EB2C3430EFB5BD997ED5C86A7 : 614429 bytes]
C:\WINDOWS\ServicePackFiles\i386\mswstr10.dll [AFDC647D16B285B9AE6140335B3B3255 : 621344 bytes]
C:\WINDOWS\SYSTEM32\mswstr10.dll [AFDC647D16B285B9AE6140335B3B3255 : 621344 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll [AFDC647D16B285B9AE6140335B3B3255 : 621344 bytes]


C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll
-------------------------
C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll [3BD1548E27B2DF1090E42FEAC1BBA78B : 355104 bytes]
C:\WINDOWS\$NtServicePackUninstall$\msxbde40.dll [6F4B8ED58425052C4AF5ABDFFA2CF7C7 : 348189 bytes]
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll [Unable to get md5 : 344095 bytes]
C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll [6F4B8ED58425052C4AF5ABDFFA2CF7C7 : 348189 bytes]
C:\WINDOWS\ServicePackFiles\i386\msxbde40.dll [3BD1548E27B2DF1090E42FEAC1BBA78B : 355104 bytes]
C:\WINDOWS\SYSTEM32\msxbde40.dll [3BD1548E27B2DF1090E42FEAC1BBA78B : 355104 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll [3BD1548E27B2DF1090E42FEAC1BBA78B : 355104 bytes]


C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll
-------------------------
C:\WINDOWS\$NtServicePackUninstall$\vbajet32.dll [1DB86AE1A9BAB2B68BA04FE28DF9245B : 30749 bytes]
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll [Unable to get md5 : 30992 bytes]
C:\WINDOWS\ServicePackFiles\i386\vbajet32.dll [CAFBD14F56A68E6C1A55C0EAC7E487FA : 30749 bytes]
C:\WINDOWS\SYSTEM32\vbajet32.dll [CAFBD14F56A68E6C1A55C0EAC7E487FA : 30749 bytes]


C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll
-------------------------
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll [Unable to get md5 : 1298432 bytes]
C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpcore.dll [0CF4C7F3341D73D4044053B203AC04E5 : 20480 bytes]
C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpcore.dll [82FEFA30D1C4C172097050A8CF33D693 : 20480 bytes]
C:\WINDOWS\ServicePackFiles\i386\wmpcore.dll [4D83744212FBA6180316766D218E012D : 20480 bytes]
C:\WINDOWS\SYSTEM32\wmpcore.dll [0CF4C7F3341D73D4044053B203AC04E5 : 20480 bytes]
C:\WINDOWS\SYSTEM32\DLLCACHE\wmpcore.dll [0CF4C7F3341D73D4044053B203AC04E5 : 20480 bytes]

-=E.O.F=-










OTL logfile created on: 12/28/2009 4:59:38 PM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Our Downloads\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.72 Gb Available in Paging File | 92.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 25.02 Gb Free Space | 22.40% Space Free | Partition Type: NTFS
Drive D: | 27.95 Gb Total Space | 27.88 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEHLINGFABFIVE
Current User Name: Eve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/28 13:07:34 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/28 13:07:34 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/27 17:34:09 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Our Downloads\OTL\OTL.EXE
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/10 10:14:38 | 00,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/28 00:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/08 15:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mqtgsvc.exe
PRC - [2008/04/13 18:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mqsvc.exe
PRC - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 10:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 15:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/09/08 11:06:20 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/06/23 15:00:44 | 00,107,008 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
PRC - [2005/06/23 14:58:15 | 00,500,224 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.0\J2GTray.exe
PRC - [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/01/07 13:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/10/19 10:27:44 | 00,282,624 | ---- | M] (iPass Inc) -- C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
PRC - [2004/10/19 10:23:30 | 00,090,112 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe
PRC - [2004/07/16 05:37:50 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/07/14 07:02:58 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/04/20 12:24:50 | 00,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2004/04/20 12:24:50 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2004/03/04 10:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
PRC - [2003/11/03 12:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2003/09/03 19:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/13 09:27:40 | 00,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/08/06 00:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/05/31 17:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2003/02/20 08:21:16 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE
PRC - [2002/04/03 00:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
PRC - [2002/03/23 09:43:00 | 00,195,072 | ---- | M] (SMC Networks, Inc.) -- C:\WINDOWS\SYSTEM32\SMCSTA.exe
PRC - [2001/08/13 10:49:10 | 00,344,064 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\fpdisp4.exe
PRC - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/13 08:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/27 17:34:09 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Our Downloads\OTL\OTL.EXE
MOD - [2002/08/29 04:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SERWVDRV.DLL
MOD - [2002/08/29 04:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL


========== Win32 Services (SafeList) ==========

SRV - [2009/12/28 13:07:34 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/01/24 21:24:43 | 00,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 18:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/13 18:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\mqsvc.exe -- (MSMQ)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 18:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/01/07 13:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/10/22 09:05:14 | 01,028,096 | ---- | M] (iPass) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2004/10/19 10:23:30 | 00,090,112 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe -- (iPCAgent)
SRV - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/11/03 12:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/31 17:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2003/03/03 12:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/20 08:21:16 | 00,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv)
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
SRV - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 08:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.thomson.com;*westgroup.com;*westlaw.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = webproxy.int.westgroup.com:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..network.proxy.ftp: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "*.thomson.com,*westgroup.com,*westlaw.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "webproxy.int.westgroup.com"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/25 10:53:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/19 22:35:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 13:07:51 | 00,000,000 | ---D | M]

[2009/07/19 22:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Mozilla\Extensions
[2009/07/19 22:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Mozilla\Firefox\Profiles\7jji0477.default\extensions
[2009/12/28 13:07:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/09/15 17:26:00 | 00,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\inspector.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SMCSTA.EXE] C:\WINDOWS\System32\SMCSTA.exe (SMC Networks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...84/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 12:43:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/25 11:00:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/25 10:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2009/12/25 10:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/12/20 21:38:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/12/20 19:32:35 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/20 19:03:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/12/20 19:03:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/12/20 19:03:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/12/20 19:03:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/12/14 22:14:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eve\Application Data\HpUpdate
[2009/12/14 22:13:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/12/09 02:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/09 02:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/09 02:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/09 02:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2009/09/15 19:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/08/15 16:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/18 21:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2008/04/30 18:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/03/04 17:19:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/01/18 23:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/01/18 23:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2004/09/29 14:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/06/06 22:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/05/20 10:07:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/10 23:41:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\Documents and Settings\Eve\My Documents\*.tmp files -> C:\Documents and Settings\Eve\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/28 16:07:44 | 00,048,935 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/28 13:15:22 | 00,590,136 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/28 13:15:22 | 00,486,806 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/28 13:15:22 | 00,091,922 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/28 13:11:42 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/28 13:11:11 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/12/28 13:10:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 13:10:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/28 13:10:53 | 32,202,46528 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 13:09:49 | 09,175,040 | ---- | M] () -- C:\Documents and Settings\Eve\ntuser.dat
[2009/12/28 13:09:49 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Eve\NTUSER.INI
[2009/12/28 13:08:56 | 00,005,940 | ---- | M] () -- C:\Documents and Settings\Eve\.plugin141_07.trace
[2009/12/28 12:50:53 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 10:46:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/28 10:45:16 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/12/28 10:24:48 | 03,867,756 | R--- | M] () -- C:\Documents and Settings\Eve\Desktop\Combo-Fix.exe
[2009/12/25 11:00:56 | 00,000,110 | ---- | M] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/20 19:32:36 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Eve\Desktop\NTREGOPT.lnk
[2009/12/20 19:32:36 | 00,000,596 | ---- | M] () -- C:\Documents and Settings\Eve\Desktop\ERUNT.lnk
[2009/12/15 00:33:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Eve\My Documents\*.tmp files -> C:\Documents and Settings\Eve\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 10:24:42 | 03,867,756 | R--- | C] () -- C:\Documents and Settings\Eve\Desktop\Combo-Fix.exe
[2009/12/25 11:00:42 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/20 19:32:36 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Eve\Desktop\NTREGOPT.lnk
[2009/12/20 19:32:36 | 00,000,596 | ---- | C] () -- C:\Documents and Settings\Eve\Desktop\ERUNT.lnk
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/05 21:02:16 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\nett12.dll
[2006/12/15 11:26:27 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/14 14:57:25 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/12/14 14:44:43 | 00,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/14 14:44:26 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/01/20 15:59:07 | 00,000,193 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/01/20 13:12:25 | 00,000,365 | ---- | C] () -- C:\WINDOWS\PSADMIN.INI
[2006/01/07 00:26:21 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\nhciClassInstall.dll
[2006/01/07 00:07:50 | 00,001,081 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/11/28 09:29:01 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/08/29 22:29:58 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/07/08 17:16:23 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/06/03 15:44:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/05/23 21:43:52 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/21 22:16:49 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/01/07 13:15:56 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/07 13:10:26 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2004/09/07 09:38:26 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\fusioncache.dat
[2004/08/30 20:18:41 | 00,012,273 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/18 19:15:46 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Eve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/20 15:45:15 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2004/06/15 21:54:01 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/06/15 21:52:07 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/06/15 21:52:07 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/06/15 21:46:22 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSONRX600.ini
[2004/06/09 21:19:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/08 20:25:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2004/06/08 20:24:48 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2004/06/08 20:24:47 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2004/06/08 20:24:39 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2004/06/08 20:24:39 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2004/06/08 20:24:36 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2004/05/20 10:49:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/20 10:41:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/20 10:33:58 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/05/20 10:33:43 | 00,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/05/20 10:33:43 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/05/20 10:33:43 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/05/20 10:33:43 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/05/20 10:33:18 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/05/20 10:31:26 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/20 10:08:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/02/10 14:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2004/01/23 08:03:50 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 12:18:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/22 14:59:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\DriverSetupApi.dll
[2003/07/08 12:41:48 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 14:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1979/12/31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2004/05/20 10:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005/10/24 12:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.0 Setup
[2009/12/25 10:57:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2007/10/12 00:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2008/03/02 13:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/14 23:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/25 00:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/18 19:34:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\COWON
[2005/12/25 22:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\EPSON
[2007/09/21 08:04:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\LinkedIn
[2008/10/07 23:11:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eve\Application Data\Viewpoint
[2004/05/26 21:41:19 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/09/15 00:00:00 | 00,000,262 | -H-- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/01 00:00:00 | 00,000,350 | -H-- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured