
Redirect -GMRE crash-stinger no help [Solved]



#1 MT Tom (Member, 15 posts)

Hello

Thanks in advance for any help you can give.
Computer problems make me cranky & I might forget to say thanks.

My problem is Google redirect & slow running.

I believe I have followed the suggestions in Malware-Spyware-Cleaning-Guide-t2852.html, except for GMER.
GMER has crashed twice.
First crash McAfee was running, second it was off. Second crash was at Windows\I386.

I tried to post earlier with logs pasted in. Got a Firefox error message.
I'll try to repost with logs attached.

Thanks
Tom



#2 Mjöllnir (Trusted Helper, Retired Staff, 1,207 posts)

Hello MT Tom, and welcome to GeeksToGo.


Please re-post your logs directly into the topic and not as attachments. It makes my job so much easier.


Also, please re-try GMER below in Safe Mode.



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3 MT Tom (Topic Starter, Member, 15 posts)

Hello and thanks
Since my last post I was able to get GMER to run.
When I copy from notepad into the post box everything looks fine.
Then I click on post and immediately get a Firefox error:
"The connection to the server was reset while the page was loading"
Any ideas on how to post?

Tom

#4 Mjöllnir (Trusted Helper, Retired Staff, 1,207 posts)

Can you post with IE?

#5 MT Tom (Topic Starter, Member, 15 posts)

Just tried IE
No go for preview or post.

#6 Mjöllnir (Trusted Helper, Retired Staff, 1,207 posts)

Well, that is just strange. Do you have issues at other web sites?

To review the logs by downloading them, this process will take a bit longer - just to let you know.


Go ahead and attach the GMER log and we'll go from there.

#7 MT Tom (Topic Starter, Member, 15 posts)

My problem with web sites seems to be limited to being redirected.
Sorry for the extra work.

Attached File: ark.txt (71.68KB, 115 downloads)

#8 Mjöllnir (Trusted Helper, Retired Staff, 1,207 posts)

Hello.


Please continue below.



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

#9 MT Tom (Topic Starter, Member, 15 posts)

Greetings
As you are looking at the logs you might notice that I had to do a system restore a couple of weeks ago. I got hit by the McAfee "False Positive"; thought it was a virus; called McAfee (2x's) went to 2 computer stores <= all no help. A day later as I was rebuilding my files they announced their boo-boo.
Also, today McAfee found & removed Artemis!ABB5DCFAC8E6.
After ComboFix download from BP link got message "newer version available" <= ignored it.
Upon start up ComboFix wanted Windows recovery console <= got it.

Both Firefox & IE errored when I tried to send with log pasted in.
IE then popped up a window on a second site.
Tried sending log as an attachment again, but site kept stalling.
Copied files on mem stick & am trying from Mac.

Happy Hunting

Tom (never had to do this on my Timex/Sinclair)

ComboFix 10-05-08.01 - Tom Lechner 05/08/2010 17:58:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1498 [GMT -5:00]
Running from: c:\documents and settings\Tom Lechner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tom Lechner\GoToAssistDownloadHelper.exe
c:\windows\system32\AutoRun.inf

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-08 21:08 . 2010-05-08 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-05-08 21:08 . 2007-03-15 20:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-05-08 21:08 . 2007-03-15 20:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-05-08 21:08 . 2006-10-31 18:49 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL
2010-05-08 21:08 . 2006-10-31 18:49 163840 ----a-w- c:\windows\system32\HPJCMN2U.DLL
2010-05-08 21:07 . 2007-02-06 22:00 39424 ----a-w- c:\windows\system32\HPBPRO.DLL
2010-05-08 21:07 . 2007-02-06 22:00 7680 ----a-w- c:\windows\system32\HPBPROPS.DLL
2010-05-08 21:07 . 2007-02-06 22:00 25600 ----a-w- c:\windows\system32\HPBOID.DLL
2010-05-08 21:07 . 2007-02-06 22:00 7680 ----a-w- c:\windows\system32\HPBOIDPS.DLL
2010-05-08 21:07 . 2007-02-06 22:00 24576 ----a-w- c:\windows\system32\HPBMIAPI.DLL
2010-05-08 21:07 . 2006-10-31 18:48 49152 ----a-w- c:\windows\system32\HPBNRAC2.DLL
2010-05-08 21:07 . 2006-10-31 18:48 241721 ----a-w- c:\windows\system32\HPBMINI.DLL
2010-05-08 21:07 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-05-08 21:07 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-05-08 20:56 . 2010-05-08 20:56 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-08 20:55 . 2007-05-03 00:03 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-05-08 20:55 . 2007-05-03 00:03 267864 ----a-w- C:\hpzids01.dll
2010-05-08 20:55 . 2007-05-02 23:01 675840 ----a-w- c:\windows\system32\hpowiax5.dll
2010-05-08 20:55 . 2007-05-02 23:00 303104 ----a-w- c:\windows\system32\hpovst12.dll
2010-05-08 20:55 . 2007-05-02 22:56 954368 ----a-w- c:\windows\system32\hpotiop5.dll
2010-05-08 20:54 . 2010-05-08 21:19 130449 ----a-w- c:\windows\hpoins21.dat
2010-05-08 20:54 . 2007-09-06 14:34 8138 ------w- c:\windows\hpomdl21.dat
2010-05-08 20:41 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-08 20:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-08 20:41 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-08 20:41 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-08 20:38 . 2010-05-08 20:43 102262 ----a-w- c:\windows\hpoins05.dat
2010-05-08 20:38 . 2005-06-22 14:03 17505 ------w- c:\windows\hpomdl07.dat
2010-05-08 20:38 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2010-05-08 20:38 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2010-05-08 20:38 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-05-08 20:38 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-08 20:38 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-05-08 20:38 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-08 20:38 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-08 20:28 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-08 20:28 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-07 23:23 . 2010-05-07 23:23 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\Malwarebytes
2010-05-07 23:23 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 23:23 . 2010-05-07 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 23:23 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 22:16 . 2010-05-07 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-05-07 22:13 . 2010-05-07 22:13 -------- d-----w- c:\program files\Citrix
2010-05-07 22:07 . 2010-05-07 22:06 288096 ----a-w- c:\documents and settings\Tom Lechner\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-05-07 22:06 . 2010-05-07 22:06 288096 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-05-07 22:06 . 2010-05-07 22:06 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\McAfee
2010-05-06 13:25 . 2010-05-08 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2010-05-06 13:24 . 2010-05-08 21:27 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\ATTToolbar
2010-05-06 13:24 . 2010-05-06 13:24 -------- d-----w- c:\program files\ATTToolbar
2010-05-06 13:21 . 2010-05-06 13:21 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\Motive
2010-05-06 13:18 . 2010-05-06 13:20 -------- d-----w- c:\program files\ATT-SST
2010-05-06 12:18 . 2010-05-07 23:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\EDrawings
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\DassaultSystemes
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\DassaultSystemes
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DassaultSystemes
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-05-05 18:47 . 2010-05-05 18:48 -------- d-----w- c:\program files\Common Files\eDrawings2010
2010-04-30 20:19 . 2010-05-08 20:41 -------- d-----w- c:\program files\HP
2010-04-30 20:19 . 2010-04-30 20:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-04-30 20:18 . 2010-04-30 20:20 109823 ----a-w- c:\windows\hppins02.dat
2010-04-30 20:18 . 2007-06-19 23:44 1883 ------w- c:\windows\hppmdl02.dat
2010-04-30 19:47 . 2007-03-22 17:45 573440 ----a-w- c:\windows\system32\hpxp3390.dll
2010-04-30 19:47 . 2007-02-28 19:39 458752 ----a-w- c:\windows\system32\hppasc01.dll
2010-04-30 19:47 . 2007-02-05 20:32 782336 ----a-w- c:\windows\system32\hpptpml3.dll
2010-04-30 19:47 . 2006-10-31 18:56 33792 ----a-w- c:\windows\system32\HPZIPR12.DLL
2010-04-30 19:47 . 2006-10-31 18:56 52736 ----a-w- c:\windows\system32\HPZIPM12.DLL
2010-04-30 19:47 . 2006-10-31 18:56 49152 ----a-w- c:\windows\system32\HPZIDR12.DLL
2010-04-26 17:37 . 2010-04-26 17:37 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\AdobeUM
2010-04-25 22:43 . 2010-04-25 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-04-25 22:43 . 2010-05-07 15:14 -------- d-----w- c:\program files\Common Files\Motive
2010-04-25 22:43 . 2010-04-25 22:44 -------- d-----w- c:\program files\ATT-PRT22-WISE
2010-04-25 22:43 . 2010-04-25 22:43 -------- d-----w- c:\program files\ATT
2010-04-25 20:54 . 2010-04-25 21:14 -------- d-----w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\Identities
2010-04-25 18:40 . 2010-05-03 16:44 -------- d-----w- c:\program files\SeaMonkey
2010-04-25 18:23 . 2010-05-03 17:21 1 ----a-w- c:\documents and settings\Tom Lechner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-25 18:23 . 2010-04-25 18:23 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\OpenOffice.org
2010-04-25 17:50 . 2010-04-25 17:52 -------- d---a-w- c:\documents and settings\Tom Lechner\projects
2010-04-25 17:44 . 2010-04-25 17:44 -------- d-----w- c:\program files\JRE
2010-04-25 17:44 . 2010-04-25 17:44 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-25 17:44 . 2010-04-25 17:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-25 17:17 . 2010-04-14 17:29 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-25 17:17 . 2010-04-14 17:29 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-25 17:17 . 2010-04-14 17:29 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-25 17:17 . 2010-04-14 17:29 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-25 17:17 . 2010-04-14 17:29 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-25 17:17 . 2010-04-14 17:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-25 17:17 . 2010-04-14 17:29 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-25 17:17 . 2010-04-14 17:29 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-25 17:17 . 2010-04-25 17:18 -------- d-----w- c:\program files\Common Files\Mcafee
2010-04-25 17:17 . 2010-04-25 17:17 -------- d-----w- c:\program files\McAfee.com
2010-04-25 17:17 . 2010-05-07 22:05 -------- d-----w- c:\program files\McAfee
2010-04-25 16:53 . 2010-05-07 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-25 16:19 . 2010-04-25 16:19 -------- d-----w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\Citrix
2010-04-25 16:19 . 2010-04-25 16:19 -------- d-----w- c:\windows\Sun
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\system32\scripting
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\l2schemas
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\system32\en
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\system32\bits
2010-04-23 21:12 . 2010-04-23 21:12 -------- d-----w- c:\windows\EHome
2010-04-23 20:39 . 2010-04-23 20:39 -------- d-----w- c:\program files\MSXML 4.0
2010-04-23 20:34 . 2010-04-23 21:18 -------- d-----w- c:\windows\ServicePackFiles
2010-04-23 20:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-23 20:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-23 20:23 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-23 20:21 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-23 20:21 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-23 20:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-23 20:13 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-23 20:10 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-23 20:10 . 2009-06-10 14:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-04-23 20:04 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-23 20:04 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-23 20:04 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-23 20:03 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-23 20:03 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-23 20:03 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-23 20:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-23 16:30 . 2007-01-25 18:24 286208 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4wm.DLL
2010-04-23 16:30 . 2007-03-28 23:36 327680 ----a-w- c:\windows\system32\HPPEPR01.DLL
2010-04-23 16:30 . 2007-03-22 00:54 229376 ----a-w- c:\windows\system32\HPPCPR01.DLL
2010-04-23 16:30 . 2007-03-15 19:45 630 ----a-w- c:\windows\system32\HPPCPR01.DAT
2010-04-23 16:30 . 2005-10-28 16:01 45056 ----a-w- c:\windows\system32\HPPAPTS0.DLL
2010-04-23 16:30 . 2005-10-28 16:01 36864 ----a-w- c:\windows\system32\HPPASNM0.DLL
2010-04-23 16:30 . 2005-10-28 16:01 36864 ----a-w- c:\windows\system32\HPPAPML0.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 21:32 . 2010-04-23 06:19 1328 ----a-w- c:\documents and settings\Tom Lechner\Application Data\wklnhst.dat
2010-05-05 18:49 . 2010-04-23 08:51 134 ----a-w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\fusioncache.dat
2010-04-25 20:23 . 2010-04-23 08:51 41432 ----a-w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-25 20:22 . 2010-04-25 19:26 -------- d---a-w- c:\program files\Microsoft Works
2010-04-25 20:05 . 2010-04-25 19:52 -------- d-----w- c:\program files\Microsoft Office97
2010-04-25 17:44 . 2005-11-05 04:22 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 17:43 . 2005-11-05 04:22 -------- d-----w- c:\program files\Java
2010-04-25 17:00 . 2005-11-05 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-04-23 21:56 . 2005-11-05 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 21:22 . 2005-11-05 02:29 77607 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-23 14:16 . 2005-11-05 04:05 -------- d-----w- c:\program files\Common Files\Intuit
2010-04-23 08:50 . 2010-04-23 08:50 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-23 08:50 . 2010-04-23 08:50 -------- d-----w- c:\program files\Atheros
2010-04-23 08:40 . 2005-11-29 23:08 -------- d-----w- c:\program files\Sonic
2010-04-23 06:48 . 2005-11-05 04:09 -------- d-----w- c:\program files\Pure Networks
2010-04-23 06:02 . 2005-11-05 04:05 -------- d-----w- c:\program files\Quicken
2010-04-23 06:00 . 2005-11-05 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-23 06:00 . 2005-11-05 04:09 -------- d-----w- c:\program files\Common Files\AOL
2010-04-23 06:00 . 2010-04-23 08:51 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\AOL
2010-04-14 17:29 . 2010-01-05 23:04 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-14 17:29 . 2010-01-05 23:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-11 12:38 . 2005-11-05 00:53 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-11-05 00:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2005-11-05 00:53 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2005-11-05 00:52 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10 . 2005-11-05 00:53 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-11-05 00:52 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-11-05 00:53 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-04-14 17:29 . 2010-04-26 14:09 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-19 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]

c:\documents and settings\Tom Lechner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-4-23 724992]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/25/2010 12:17 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 12:17 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 12:17 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 12:17 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/25/2010 12:17 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [4/25/2010 12:17 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/25/2010 12:17 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/25/2010 12:17 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/25/2010 12:17 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/25/2010 12:17 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/25/2010 12:17 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} - hxxp://www.comcastsupport.com/oneclickfix/scripts/Comcast.Ocf.cab
FF - ProfilePath - c:\documents and settings\Tom Lechner\Application Data\Mozilla\Firefox\Profiles\schnf0vt.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x894CBEE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a8852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7a38bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7a44a21
SendHandler -> NDIS.sys @ 0xf7a38d44
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-08 18:14:51
ComboFix-quarantined-files.txt 2010-05-08 23:14

Pre-Run: 42,511,253,504 bytes free
Post-Run: 42,933,805,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 1338693605B96E51133B8607E2DD5EA6
  • 0

#10
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Hello.


You have a rootkit infection. After running this fix, let me know how things are working.



1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

TDL::
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

MBR::


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post C:\Combofix.txt in your next reply.




Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.





Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run as administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.





OTL Scan
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Quick Scan button. Do not change any other settings.
  • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt and post it in your next reply.

  • 0
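For anyone reading this thread later and trying to work out how the helper reached the "rootkit infection" call from the logs above: the two things that stand out in the first ComboFix run are the GMER MBR detector reporting an unnamed module in the disk driver call chain (">>UNKNOWN [0x894CBEE4]<<") and, after the CFScript run, the "Infected copy of ... RDPCDD.sys was found and disinfected" lines. Below is a small triage script I wrote as an added example; it is not part of ComboFix, GMER or anything the helper posted. It reads a ComboFix log and pulls out exactly those indicators so you can check a log of your own in a few seconds. The sample input is an excerpt assembled from the logs posted in this thread. One caveat built into it: the "\Driver\Disk -> CLASSPNP.SYS" style hook lines are printed by GMER as the current dispatch targets and show up in clean scans too, so the script records them but does not count them as a finding on their own; the unnamed module and the infected-driver lines are what trigger the "needs attention" verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: lines excerpted from the ComboFix output posted in
# this thread (the "Other Deletions" section and the GMER MBR detector section).
SAMPLE_LOG = r"""
Infected copy of c:\windows\System32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :)
Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty ate it :)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x894CBEE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a8852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
user & kernel MBR OK
"""

# A driver ComboFix replaced with a clean copy (the TDL:: directive's result).
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$", re.IGNORECASE)
# An unnamed module sitting in the disk driver call chain reported by the MBR detector.
UNKNOWN_RE = re.compile(r"^called modules:.*>>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
# Dispatch targets GMER lists under "detected MBR rootkit hooks:" (also present in clean scans).
HOOK_RE = re.compile(r"^(?P<obj>\\Driver\\\S+) -> (?P<module>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")
MBR_OK = "user & kernel MBR OK"


@dataclass
class Triage:
    infected_drivers: List[str] = field(default_factory=list)
    unknown_module_addr: Optional[str] = None
    driver_hooks: List[Tuple[str, str, str]] = field(default_factory=list)
    mbr_ok: bool = False

    def needs_attention(self) -> bool:
        # Hook lines alone are not a verdict; a replaced driver or an unnamed module is.
        return bool(self.infected_drivers) or self.unknown_module_addr is not None


def triage_combofix(log_text: str) -> Triage:
    """Scan a ComboFix log and collect the rootkit indicators described above."""
    t = Triage()
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            path = m.group("path").lower()  # NTFS paths are case-insensitive; dedupe
            if path not in seen:
                seen.add(path)
                t.infected_drivers.append(path)
            continue
        m = UNKNOWN_RE.match(line)
        if m:
            t.unknown_module_addr = m.group("addr")
            continue
        m = HOOK_RE.match(line)
        if m:
            t.driver_hooks.append((m.group("obj"), m.group("module"), m.group("addr")))
            continue
        if line == MBR_OK:
            t.mbr_ok = True
    t.infected_drivers.sort()
    return t


if __name__ == "__main__":
    result = triage_combofix(SAMPLE_LOG)
    print("replaced drivers:", result.infected_drivers)
    print("unnamed module in disk chain:", result.unknown_module_addr)
    print("hook lines recorded:", len(result.driver_hooks), "| MBR OK:", result.mbr_ok)
    print("needs attention:", result.needs_attention())
```

Paste your own C:\ComboFix.txt contents into SAMPLE_LOG (or read the file instead) and look at the "needs attention" line; an empty driver list and no unnamed module after the fix is the result you want to see, which matches what the second ComboFix run in this thread shows.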



#11
MT Tom

    Member

  • Topic Starter
  • Member
  • 15 posts
Can I start celebrating now?
No redirects that I can find.
Thank You.
B4 I was concerned about the virus, but (12) hours after I probably got it, I logged onto (2) bank accounts.
Anyway, here are the latest logs.

ComboFix 10-05-08.01 - Tom Lechner 05/09/2010 9:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1620 [GMT -5:00]
Running from: c:\documents and settings\Tom Lechner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom Lechner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\System32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :)
Infected copy of c:\windows\system32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty ate it :)
Infected copy of c:\windows\System32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :)
Infected copy of c:\windows\system32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty ate it :)
Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-08 21:08 . 2010-05-08 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-05-08 21:08 . 2007-03-15 20:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-05-08 21:08 . 2007-03-15 20:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-05-08 21:08 . 2006-10-31 18:49 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL
2010-05-08 21:08 . 2006-10-31 18:49 163840 ----a-w- c:\windows\system32\HPJCMN2U.DLL
2010-05-08 21:07 . 2007-02-06 22:00 39424 ----a-w- c:\windows\system32\HPBPRO.DLL
2010-05-08 21:07 . 2007-02-06 22:00 7680 ----a-w- c:\windows\system32\HPBPROPS.DLL
2010-05-08 21:07 . 2007-02-06 22:00 25600 ----a-w- c:\windows\system32\HPBOID.DLL
2010-05-08 21:07 . 2007-02-06 22:00 7680 ----a-w- c:\windows\system32\HPBOIDPS.DLL
2010-05-08 21:07 . 2007-02-06 22:00 24576 ----a-w- c:\windows\system32\HPBMIAPI.DLL
2010-05-08 21:07 . 2006-10-31 18:48 49152 ----a-w- c:\windows\system32\HPBNRAC2.DLL
2010-05-08 21:07 . 2006-10-31 18:48 241721 ----a-w- c:\windows\system32\HPBMINI.DLL
2010-05-08 21:07 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-05-08 21:07 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-05-08 20:56 . 2010-05-08 20:56 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-08 20:55 . 2007-05-03 00:03 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-05-08 20:55 . 2007-05-03 00:03 267864 ----a-w- C:\hpzids01.dll
2010-05-08 20:55 . 2007-05-02 23:01 675840 ----a-w- c:\windows\system32\hpowiax5.dll
2010-05-08 20:55 . 2007-05-02 23:00 303104 ----a-w- c:\windows\system32\hpovst12.dll
2010-05-08 20:55 . 2007-05-02 22:56 954368 ----a-w- c:\windows\system32\hpotiop5.dll
2010-05-08 20:54 . 2010-05-08 21:19 130449 ----a-w- c:\windows\hpoins21.dat
2010-05-08 20:54 . 2007-09-06 14:34 8138 ------w- c:\windows\hpomdl21.dat
2010-05-08 20:41 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-08 20:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-08 20:41 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-08 20:41 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-08 20:38 . 2010-05-08 20:43 102262 ----a-w- c:\windows\hpoins05.dat
2010-05-08 20:38 . 2005-06-22 14:03 17505 ------w- c:\windows\hpomdl07.dat
2010-05-08 20:38 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2010-05-08 20:38 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2010-05-08 20:38 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-05-08 20:38 . 2005-04-08 15:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-08 20:38 . 2005-03-08 19:41 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-05-08 20:38 . 2005-03-08 19:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-08 20:38 . 2005-03-08 19:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-08 20:28 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-08 20:28 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-07 23:23 . 2010-05-07 23:23 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\Malwarebytes
2010-05-07 23:23 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 23:23 . 2010-05-07 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 23:23 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 22:16 . 2010-05-07 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-05-07 22:13 . 2010-05-07 22:13 -------- d-----w- c:\program files\Citrix
2010-05-07 22:07 . 2010-05-07 22:06 288096 ----a-w- c:\documents and settings\Tom Lechner\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-05-07 22:06 . 2010-05-07 22:06 288096 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-05-07 22:06 . 2010-05-07 22:06 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\McAfee
2010-05-06 13:25 . 2010-05-09 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2010-05-06 13:24 . 2010-05-08 21:27 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\ATTToolbar
2010-05-06 13:24 . 2010-05-06 13:24 -------- d-----w- c:\program files\ATTToolbar
2010-05-06 13:21 . 2010-05-06 13:21 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\Motive
2010-05-06 13:18 . 2010-05-06 13:20 -------- d-----w- c:\program files\ATT-SST
2010-05-06 12:18 . 2010-05-07 23:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\EDrawings
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\DassaultSystemes
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\DassaultSystemes
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DassaultSystemes
2010-05-05 18:48 . 2010-05-05 18:48 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-05-05 18:47 . 2010-05-05 18:48 -------- d-----w- c:\program files\Common Files\eDrawings2010
2010-04-30 20:19 . 2010-05-08 20:41 -------- d-----w- c:\program files\HP
2010-04-30 20:19 . 2010-04-30 20:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-04-30 20:18 . 2010-04-30 20:20 109823 ----a-w- c:\windows\hppins02.dat
2010-04-30 20:18 . 2007-06-19 23:44 1883 ------w- c:\windows\hppmdl02.dat
2010-04-30 19:47 . 2007-03-22 17:45 573440 ----a-w- c:\windows\system32\hpxp3390.dll
2010-04-30 19:47 . 2007-02-28 19:39 458752 ----a-w- c:\windows\system32\hppasc01.dll
2010-04-30 19:47 . 2007-02-05 20:32 782336 ----a-w- c:\windows\system32\hpptpml3.dll
2010-04-30 19:47 . 2006-10-31 18:56 33792 ----a-w- c:\windows\system32\HPZIPR12.DLL
2010-04-30 19:47 . 2006-10-31 18:56 52736 ----a-w- c:\windows\system32\HPZIPM12.DLL
2010-04-30 19:47 . 2006-10-31 18:56 49152 ----a-w- c:\windows\system32\HPZIDR12.DLL
2010-04-26 17:37 . 2010-04-26 17:37 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\AdobeUM
2010-04-25 22:43 . 2010-04-25 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-04-25 22:43 . 2010-05-07 15:14 -------- d-----w- c:\program files\Common Files\Motive
2010-04-25 22:43 . 2010-04-25 22:44 -------- d-----w- c:\program files\ATT-PRT22-WISE
2010-04-25 22:43 . 2010-04-25 22:43 -------- d-----w- c:\program files\ATT
2010-04-25 20:54 . 2010-04-25 21:14 -------- d-----w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\Identities
2010-04-25 18:40 . 2010-05-03 16:44 -------- d-----w- c:\program files\SeaMonkey
2010-04-25 18:23 . 2010-05-03 17:21 1 ----a-w- c:\documents and settings\Tom Lechner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-25 18:23 . 2010-04-25 18:23 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\OpenOffice.org
2010-04-25 17:50 . 2010-04-25 17:52 -------- d---a-w- c:\documents and settings\Tom Lechner\projects
2010-04-25 17:44 . 2010-04-25 17:44 -------- d-----w- c:\program files\JRE
2010-04-25 17:44 . 2010-04-25 17:44 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-25 17:44 . 2010-04-25 17:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-25 17:17 . 2010-04-14 17:29 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-25 17:17 . 2010-04-14 17:29 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-25 17:17 . 2010-04-14 17:29 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-25 17:17 . 2010-04-14 17:29 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-25 17:17 . 2010-04-14 17:29 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-25 17:17 . 2010-04-14 17:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-25 17:17 . 2010-04-14 17:29 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-25 17:17 . 2010-04-14 17:29 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-25 17:17 . 2010-04-25 17:18 -------- d-----w- c:\program files\Common Files\Mcafee
2010-04-25 17:17 . 2010-04-25 17:17 -------- d-----w- c:\program files\McAfee.com
2010-04-25 17:17 . 2010-05-07 22:05 -------- d-----w- c:\program files\McAfee
2010-04-25 16:53 . 2010-05-07 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-25 16:19 . 2010-04-25 16:19 -------- d-----w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\Citrix
2010-04-25 16:19 . 2010-04-25 16:19 -------- d-----w- c:\windows\Sun
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\system32\scripting
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\l2schemas
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\system32\en
2010-04-23 21:20 . 2010-04-23 21:20 -------- d-----w- c:\windows\system32\bits
2010-04-23 21:12 . 2010-04-23 21:12 -------- d-----w- c:\windows\EHome
2010-04-23 20:39 . 2010-04-23 20:39 -------- d-----w- c:\program files\MSXML 4.0
2010-04-23 20:34 . 2010-04-23 21:18 -------- d-----w- c:\windows\ServicePackFiles
2010-04-23 20:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-23 20:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-23 20:23 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-23 20:21 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-23 20:21 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-23 20:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-23 20:13 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-23 20:10 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-23 20:10 . 2009-06-10 14:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-04-23 20:04 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-23 20:04 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-23 20:04 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-23 20:03 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-23 20:03 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-23 20:03 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-23 20:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-23 16:30 . 2007-01-25 18:24 286208 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4wm.DLL
2010-04-23 16:30 . 2007-03-28 23:36 327680 ----a-w- c:\windows\system32\HPPEPR01.DLL
2010-04-23 16:30 . 2007-03-22 00:54 229376 ----a-w- c:\windows\system32\HPPCPR01.DLL
2010-04-23 16:30 . 2007-03-15 19:45 630 ----a-w- c:\windows\system32\HPPCPR01.DAT
2010-04-23 16:30 . 2005-10-28 16:01 45056 ----a-w- c:\windows\system32\HPPAPTS0.DLL
2010-04-23 16:30 . 2005-10-28 16:01 36864 ----a-w- c:\windows\system32\HPPASNM0.DLL
2010-04-23 16:30 . 2005-10-28 16:01 36864 ----a-w- c:\windows\system32\HPPAPML0.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 21:32 . 2010-04-23 06:19 1328 ----a-w- c:\documents and settings\Tom Lechner\Application Data\wklnhst.dat
2010-05-05 18:49 . 2010-04-23 08:51 134 ----a-w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\fusioncache.dat
2010-04-25 20:23 . 2010-04-23 08:51 41432 ----a-w- c:\documents and settings\Tom Lechner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-25 20:22 . 2010-04-25 19:26 -------- d---a-w- c:\program files\Microsoft Works
2010-04-25 20:05 . 2010-04-25 19:52 -------- d-----w- c:\program files\Microsoft Office97
2010-04-25 17:44 . 2005-11-05 04:22 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 17:43 . 2005-11-05 04:22 -------- d-----w- c:\program files\Java
2010-04-25 17:00 . 2005-11-05 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-04-23 21:56 . 2005-11-05 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 21:22 . 2005-11-05 02:29 77607 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-23 14:16 . 2005-11-05 04:05 -------- d-----w- c:\program files\Common Files\Intuit
2010-04-23 08:50 . 2010-04-23 08:50 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-23 08:50 . 2010-04-23 08:50 -------- d-----w- c:\program files\Atheros
2010-04-23 08:40 . 2005-11-29 23:08 -------- d-----w- c:\program files\Sonic
2010-04-23 06:48 . 2005-11-05 04:09 -------- d-----w- c:\program files\Pure Networks
2010-04-23 06:02 . 2005-11-05 04:05 -------- d-----w- c:\program files\Quicken
2010-04-23 06:00 . 2005-11-05 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-23 06:00 . 2005-11-05 04:09 -------- d-----w- c:\program files\Common Files\AOL
2010-04-23 06:00 . 2010-04-23 08:51 -------- d-----w- c:\documents and settings\Tom Lechner\Application Data\AOL
2010-04-14 17:29 . 2010-01-05 23:04 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-14 17:29 . 2010-01-05 23:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-11 12:38 . 2005-11-05 00:53 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-11-05 00:52 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2005-11-05 00:53 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2005-11-05 00:52 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10 . 2005-11-05 00:53 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-11-05 00:52 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-11-05 00:53 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-04-14 17:29 . 2010-04-26 14:09 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((( [email protected]_23.11.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 14:43 . 2010-05-09 14:43 16384 c:\windows\Temp\Perflib_Perfdata_558.dat
- 2010-05-08 04:18 . 2010-05-08 21:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-08 04:18 . 2010-05-09 13:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-11-05 02:31 . 2010-05-09 13:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-05 02:31 . 2010-05-08 21:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-09 13:18 . 2010-05-09 13:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-05 00:53 . 2004-08-04 12:00 4224 c:\windows\system32\dllcache\rdpcdd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-19 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-05 98304]

c:\documents and settings\Tom Lechner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-4-23 724992]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/25/2010 12:17 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 12:17 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 12:17 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 12:17 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/25/2010 12:17 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [4/25/2010 12:17 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/25/2010 12:17 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/25/2010 12:17 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/25/2010 12:17 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/25/2010 12:17 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/25/2010 12:17 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} - hxxp://www.comcastsupport.com/oneclickfix/scripts/Comcast.Ocf.cab
FF - ProfilePath - c:\documents and settings\Tom Lechner\Application Data\Mozilla\Firefox\Profiles\schnf0vt.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 09:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2010-05-09 09:49:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-09 14:49
ComboFix2.txt 2010-05-08 23:14

Pre-Run: 42,852,114,432 bytes free
Post-Run: 42,837,422,080 bytes free

- - End Of File - - 8BFC56A5DC3BDCF15F9F2EDC015CEA88


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4082

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/9/2010 10:06:51 AM
mbam-log-2010-05-09 (10-06-51).txt

Scan type: Quick scan
Objects scanned: 117907
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 5/9/2010 10:19:06 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Tom Lechner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 39.93 Gb Free Space | 71.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Tom Lechner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom Lechner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tom Lechner\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/25 12:23:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 18:48:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/05 13:47:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/04/25 13:41:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/04/25 13:40:45 | 000,000,000 | ---D | M]

[2010/04/25 15:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\Mozilla\Extensions
[2010/04/25 13:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom Lechner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/04/25 15:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\Mozilla\Firefox\Profiles\schnf0vt.default\extensions
[2010/04/25 13:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\Mozilla\SeaMonkey\Profiles\9jbmopxk.default\extensions
[2010/04/25 15:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/03/24 13:07:20 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2010/05/09 09:44:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100427100956.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Tom Lechner\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\Tom Lechner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} http://www.comcastsu...Comcast.Ocf.cab (OneClickFixes Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 21:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/09 10:18:13 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom Lechner\Desktop\OTL.exe
[2010/05/09 10:12:18 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom Lechner\Desktop\TFC.exe
[2010/05/09 09:59:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/09 09:55:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom Lechner\Desktop\mbam-setup.exe
[2010/05/09 09:50:55 | 000,000,000 | ---D | C] -- C:\Virus 5-9-10
[2010/05/08 17:47:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/08 17:13:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/08 17:13:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/08 17:13:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/08 17:13:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/08 17:12:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/08 16:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/05/08 15:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/05/08 15:40:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/08 15:38:34 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/05/07 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Malwarebytes
[2010/05/07 18:23:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/07 18:23:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/07 18:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/07 18:15:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/05/07 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/05/07 17:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\McAfee
[2010/05/06 08:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2010/05/06 08:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\ATTToolbar
[2010/05/06 08:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\ATTToolbar
[2010/05/06 08:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Motive
[2010/05/06 08:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2010/05/06 07:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/05 20:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 20:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/05 13:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\EDrawings
[2010/05/05 13:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\DassaultSystemes
[2010/05/05 13:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\DassaultSystemes
[2010/05/05 13:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2010/05/05 13:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2010/05/05 13:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eDrawings2010
[2010/04/30 15:25:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tom Lechner\My Documents\My Pictures
[2010/04/30 15:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/04/30 15:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/04/26 12:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\My Documents\broken-mcafee-dat-update-cripples-windows-workstations.ars_files
[2010/04/26 12:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\My Documents\91726589_files
[2010/04/26 12:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\AdobeUM
[2010/04/25 17:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/04/25 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/04/25 17:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-PRT22-WISE
[2010/04/25 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2010/04/25 15:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\Identities
[2010/04/25 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/25 15:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\My Documents\Downloads
[2010/04/25 15:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Bills
[2010/04/25 15:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\WORKS DB
[2010/04/25 15:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Backup
[2010/04/25 14:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office97
[2010/04/25 14:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/25 13:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\Mozilla
[2010/04/25 13:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Mozilla
[2010/04/25 13:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2010/04/25 13:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\OpenOffice.org
[2010/04/25 12:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\projects
[2010/04/25 12:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/25 12:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/25 12:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/25 12:17:49 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/25 12:17:44 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/25 12:17:44 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/25 12:17:44 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/25 12:17:44 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/25 12:17:44 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/25 12:17:43 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/25 12:17:43 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/25 12:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/04/25 12:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/04/25 12:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/04/25 11:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/25 11:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\Citrix
[2010/04/25 11:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/25 11:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Sun
[2010/04/23 16:47:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/23 16:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/23 16:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/23 16:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/23 16:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/23 16:15:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/23 16:12:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/23 16:12:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/04/23 15:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/23 15:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/23 15:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/04/23 15:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/23 14:59:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/23 11:19:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/04/23 10:33:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/23 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/04/23 09:15:40 | 000,339,968 | ---- | C] (AMYUNI Consultants http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf.dll
[2010/04/23 09:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2010/04/23 09:15:36 | 000,999,424 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\SPR32X30.ocx
[2010/04/23 09:15:36 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010/04/23 09:15:35 | 000,737,280 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\spr32d30.dll
[2010/04/23 09:01:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2010/04/23 08:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\ORDERS
[2010/04/23 08:54:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\SendTo
[2010/04/23 03:51:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Microsoft
[2010/04/23 03:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom Lechner\SendTo
[2010/04/23 03:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom Lechner\Recent
[2010/04/23 03:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom Lechner\Application Data
[2010/04/23 03:51:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tom Lechner\Start Menu
[2010/04/23 03:51:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tom Lechner\My Documents
[2010/04/23 03:51:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tom Lechner\Favorites
[2010/04/23 03:51:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tom Lechner\Cookies
[2010/04/23 03:51:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tom Lechner\Templates
[2010/04/23 03:51:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tom Lechner\PrintHood
[2010/04/23 03:51:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tom Lechner\NetHood
[2010/04/23 03:51:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\You've Got Pictures Screensaver
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\Yahoo
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\WINDOWS
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\toshiba
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\Microsoft
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Intuit
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Identities
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\Google
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Desktop
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\ATI
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\ATI
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\ApplicationHistory
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\AOL
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\Adobe
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Adobe
[2010/04/23 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}
[2010/04/23 03:50:44 | 000,028,672 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\WINDOWS\System32\DelRunOnceReg.exe
[2010/04/23 03:50:42 | 000,352,256 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg11.dll
[2010/04/23 03:50:42 | 000,237,568 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapi.dll
[2010/04/23 03:50:42 | 000,233,472 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll
[2010/04/23 03:50:42 | 000,077,824 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg11res.dll
[2010/04/23 03:50:24 | 000,468,736 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2010/04/23 03:50:24 | 000,032,768 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\WINDOWS\System32\RmWLAN.exe
[2010/04/23 03:50:24 | 000,032,768 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\WINDOWS\System32\CloseACU.exe
[2010/04/23 03:50:24 | 000,028,672 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\WINDOWS\System32\InstallInf.exe
[2010/04/23 03:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/04/23 03:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
[2010/04/23 03:39:53 | 000,192,512 | ---- | C] (Arcsoft) -- C:\WINDOWS\System32\AdavVideoDec.dll
[2010/04/23 03:39:53 | 000,126,976 | ---- | C] (Arcsoft (HZ)) -- C:\WINDOWS\System32\AdavAudioDec.dll
[2010/04/23 03:39:53 | 000,110,592 | ---- | C] (Arcsoft Co. (hangzhou, PRC)) -- C:\WINDOWS\System32\ArcSpl.ax
[2010/04/23 03:39:53 | 000,048,128 | ---- | C] (Arcsoft Inc.) -- C:\WINDOWS\System32\mpgvideo.ax
[2010/04/23 03:39:53 | 000,047,616 | ---- | C] (Arcsoft Inc.) -- C:\WINDOWS\System32\mpgaudio.ax
[2010/04/23 03:37:47 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010/04/23 03:37:40 | 000,139,264 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoBase Screen Saver.scr
[2010/04/23 03:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/04/23 03:36:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/23 02:43:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/23 02:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/23 02:41:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/04/23 02:41:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/04/23 02:41:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/04/23 02:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Macromedia
[2010/04/23 01:20:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tom Lechner\UserData
[2010/04/23 01:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Application Data\Template
[2010/04/23 01:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Lechner\Data In 4-22-10
[2010/04/23 00:57:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2005/11/04 21:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 90 Days ==========

[2010/05/09 10:18:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Lechner\Desktop\OTL.exe
[2010/05/09 10:15:51 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/05/09 10:15:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 10:15:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 10:15:23 | 2078,527,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/09 10:14:43 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Tom Lechner\NTUSER.DAT
[2010/05/09 10:14:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tom Lechner\ntuser.ini
[2010/05/09 10:12:23 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Lechner\Desktop\TFC.exe
[2010/05/09 09:56:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom Lechner\Desktop\mbam-setup.exe
[2010/05/09 09:44:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/09 09:44:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/08 17:47:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/08 17:42:43 | 003,684,349 | R--- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\ComboFix.exe
[2010/05/08 16:32:34 | 000,001,328 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Application Data\wklnhst.dat
[2010/05/08 16:19:49 | 000,130,449 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2010/05/08 15:43:14 | 000,102,262 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2010/05/07 18:16:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 18:14:27 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\NTREGOPT.lnk
[2010/05/07 18:14:27 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\ERUNT.lnk
[2010/05/07 14:42:32 | 001,818,624 | ---- | M] () -- C:\ffastunT.ffl
[2010/05/07 10:08:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 14:11:51 | 000,499,712 | -H-- | M] () -- C:\ffastun.ffo
[2010/05/06 14:11:51 | 000,005,143 | -H-- | M] () -- C:\ffastun.ffa
[2010/05/06 14:11:50 | 002,723,840 | -H-- | M] () -- C:\ffastun0.ffx
[2010/05/06 14:11:50 | 001,818,624 | -H-- | M] () -- C:\ffastun.ffl
[2010/05/06 08:26:07 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\AT&T Webmail.url
[2010/05/06 08:26:07 | 000,000,155 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\AT&T Internet.url
[2010/05/06 08:21:07 | 000,001,953 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Self Support Tool.lnk
[2010/05/05 13:49:25 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\fusioncache.dat
[2010/05/05 13:48:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/05/05 13:48:18 | 000,001,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks eDrawings 2010.lnk
[2010/05/03 16:54:11 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\a-metric.xls
[2010/05/03 12:26:09 | 000,040,280 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\Fax Precise Finishing.odt
[2010/04/30 15:20:07 | 000,109,823 | ---- | M] () -- C:\WINDOWS\hppins02.dat
[2010/04/30 15:18:43 | 000,000,743 | ---- | M] () -- C:\WINDOWS\hpbvspst.his
[2010/04/30 15:18:43 | 000,000,402 | ---- | M] () -- C:\WINDOWS\hpbvspst.ini
[2010/04/30 15:18:41 | 000,003,667 | ---- | M] () -- C:\WINDOWS\hpbvnstp.his
[2010/04/30 15:18:41 | 000,001,207 | ---- | M] () -- C:\WINDOWS\hpbvnstp.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 12:58:45 | 000,091,192 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\broken-mcafee-dat-update-cripples-windows-workstations.ars.html
[2010/04/26 12:56:51 | 000,089,859 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\91726589.html
[2010/04/26 11:55:43 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee3.doc
[2010/04/26 11:03:39 | 000,047,763 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee3.odt
[2010/04/26 10:53:28 | 000,047,636 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee2.odt
[2010/04/25 17:51:59 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/25 15:47:05 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/25 15:36:45 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to projects.lnk
[2010/04/25 15:36:34 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Bills.lnk
[2010/04/25 15:33:56 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Tom Card.wdb.lnk
[2010/04/25 15:33:49 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Sales Pellet.wdb.lnk
[2010/04/25 15:33:43 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Sales LM.wdb.lnk
[2010/04/25 15:33:37 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Sales 100.wdb.lnk
[2010/04/25 15:33:25 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Main.wdb.lnk
[2010/04/25 15:23:51 | 000,041,432 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/25 15:05:34 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
[2010/04/25 15:05:28 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/25 15:05:28 | 000,000,737 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/25 14:44:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/25 14:41:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\exchng.ini
[2010/04/25 14:18:49 | 000,000,461 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 13:45:42 | 000,042,226 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee1.odt
[2010/04/25 13:40:52 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/04/25 13:26:09 | 000,041,998 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\My Documents\Fax Natcity manish1.odt
[2010/04/25 13:24:56 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Tom Lechner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/25 12:45:56 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/04/23 17:51:24 | 000,006,126 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/04/23 17:47:53 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 17:47:53 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 17:47:53 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 17:28:48 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2010/04/23 16:56:55 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro Edition 2004.lnk
[2010/04/23 16:56:55 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Technical Support.URL
[2010/04/23 16:56:54 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/04/23 16:48:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/23 16:15:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/23 12:01:19 | 000,035,262 | ---- | M] () -- C:\WINDOWS\Tom Lechner.acl
[2010/04/23 11:30:30 | 000,005,947 | ---- | M] () -- C:\WINDOWS\hpbvnstp.hi1
[2010/04/23 11:30:30 | 000,001,568 | ---- | M] () -- C:\WINDOWS\hpbvnstp.bu1
[2010/04/23 09:17:17 | 000,002,071 | ---- | M] () -- C:\WINDOWS\Active Setup Log.BAK
[2010/04/23 03:50:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/23 03:50:46 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/04/23 03:50:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/23 03:50:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 1.job
[2010/04/23 03:42:24 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/23 03:40:35 | 006,949,178 | -H-- | M] () -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\IconCache.db
[2010/04/23 03:40:31 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2010/04/23 03:40:27 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/04/23 03:40:10 | 000,000,272 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/23 01:00:02 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys

========== Files Created - No Company Name ==========

[2010/05/08 17:47:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/08 17:47:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/08 17:42:43 | 003,684,349 | R--- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\ComboFix.exe
[2010/05/08 17:13:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/08 17:13:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/08 17:13:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/08 17:13:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/08 17:13:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/08 16:08:00 | 000,018,747 | ---- | C] () -- C:\WINDOWS\System32\HPCEAC06.HPI
[2010/05/08 15:54:07 | 000,130,449 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010/05/08 15:54:07 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/05/08 15:38:54 | 000,102,262 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/05/08 15:38:49 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/05/07 18:14:27 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\NTREGOPT.lnk
[2010/05/07 18:14:27 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\ERUNT.lnk
[2010/05/07 12:14:59 | 001,818,624 | ---- | C] () -- C:\ffastunT.ffl
[2010/05/06 08:26:07 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\AT&T Webmail.url
[2010/05/06 08:26:07 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\AT&T Internet.url
[2010/05/06 08:21:07 | 000,001,953 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Self Support Tool.lnk
[2010/05/06 07:18:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/05 13:48:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/05/05 13:48:18 | 000,001,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks eDrawings 2010.lnk
[2010/05/03 12:26:08 | 000,040,280 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\Fax Precise Finishing.odt
[2010/05/03 10:01:45 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\a-metric.xls
[2010/04/30 15:19:17 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/04/30 15:18:44 | 000,109,823 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2010/04/30 15:18:44 | 000,001,883 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2010/04/30 15:18:41 | 000,000,743 | ---- | C] () -- C:\WINDOWS\hpbvspst.his
[2010/04/30 15:18:41 | 000,000,402 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2010/04/30 15:18:18 | 000,005,947 | ---- | C] () -- C:\WINDOWS\hpbvnstp.hi1
[2010/04/30 15:18:17 | 000,001,568 | ---- | C] () -- C:\WINDOWS\hpbvnstp.bu1
[2010/04/26 12:58:44 | 000,091,192 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\broken-mcafee-dat-update-cripples-windows-workstations.ars.html
[2010/04/26 12:56:44 | 000,089,859 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\91726589.html
[2010/04/26 11:55:35 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee3.doc
[2010/04/26 11:03:39 | 000,047,763 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee3.odt
[2010/04/26 10:53:27 | 000,047,636 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee2.odt
[2010/04/25 15:47:05 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/25 15:36:45 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to projects.lnk
[2010/04/25 15:36:34 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Bills.lnk
[2010/04/25 15:33:56 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Tom Card.wdb.lnk
[2010/04/25 15:33:49 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Sales Pellet.wdb.lnk
[2010/04/25 15:33:43 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Sales LM.wdb.lnk
[2010/04/25 15:33:37 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Sales 100.wdb.lnk
[2010/04/25 15:33:25 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Desktop\Shortcut to Main.wdb.lnk
[2010/04/25 15:17:13 | 000,005,143 | -H-- | C] () -- C:\ffastun.ffa
[2010/04/25 15:17:12 | 000,499,712 | -H-- | C] () -- C:\ffastun.ffo
[2010/04/25 15:17:10 | 002,723,840 | -H-- | C] () -- C:\ffastun0.ffx
[2010/04/25 15:08:25 | 001,818,624 | -H-- | C] () -- C:\ffastun.ffl
[2010/04/25 15:05:34 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
[2010/04/25 14:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2010/04/25 13:45:42 | 000,042,226 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\Mcafee1.odt
[2010/04/25 13:40:52 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/04/25 13:26:08 | 000,041,998 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\My Documents\Fax Natcity manish1.odt
[2010/04/25 13:24:56 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/25 12:45:56 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/04/25 12:18:49 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/04/23 16:56:55 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro Edition 2004.lnk
[2010/04/23 16:56:55 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Technical Support.URL
[2010/04/23 16:08:45 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/23 16:08:38 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/23 16:08:00 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/23 12:01:19 | 000,035,262 | ---- | C] () -- C:\WINDOWS\Tom Lechner.acl
[2010/04/23 11:30:19 | 000,003,667 | ---- | C] () -- C:\WINDOWS\hpbvnstp.his
[2010/04/23 11:30:19 | 000,001,207 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2010/04/23 11:30:01 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2010/04/23 11:30:01 | 000,000,630 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DAT
[2010/04/23 09:17:22 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/04/23 09:17:16 | 000,002,071 | ---- | C] () -- C:\WINDOWS\Active Setup Log.BAK
[2010/04/23 03:51:24 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Local Settings\Application Data\fusioncache.dat
[2010/04/23 03:51:22 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Tom Lechner\NTUSER.DAT
[2010/04/23 03:51:22 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Tom Lechner\ntuser.dat.LOG
[2010/04/23 03:51:22 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Tom Lechner\ntuser.ini
[2010/04/23 03:50:46 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/04/23 03:50:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/04/23 03:50:44 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2010/04/23 03:50:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2010/04/23 03:50:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/04/23 03:50:24 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2010/04/23 03:50:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2010/04/23 03:50:24 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\AddRemove.ico
[2010/04/23 03:50:19 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 1.job
[2010/04/23 03:42:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/23 03:40:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/04/23 03:36:17 | 2078,527,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/23 01:19:01 | 000,001,328 | ---- | C] () -- C:\Documents and Settings\Tom Lechner\Application Data\wklnhst.dat
[2010/04/23 01:00:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/30 18:16:05 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 18:16:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 18:16:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 18:16:05 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 17:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 17:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/11 17:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 12:00:07 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 11:27:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/04 23:07:42 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 23:05:40 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/04 23:03:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/04 23:03:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/04 23:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/04 23:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/04 23:03:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/04 23:03:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 22:31:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 22:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 21:59:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 21:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 19:56:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/05/08 20:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2010/05/07 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/05/05 13:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2005/11/04 23:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/08 16:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\ATTToolbar
[2010/05/05 13:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\DassaultSystemes
[2010/05/05 13:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\EDrawings
[2010/04/25 13:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\OpenOffice.org
[2010/04/23 01:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\Template
[2005/11/04 22:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Lechner\Application Data\toshiba
[2010/04/23 03:50:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job

========== Purity Check ==========


< End of report >
  • 0
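The OTL listing above is the artifact the helper reads by eye. As an added example (not part of this thread and not OTL's own code), here is a small Python parser for OTL file-listing lines together with two of the triage checks a reviewer applies: binaries under C:\WINDOWS whose company field is empty, and kernel drivers in the drivers folder that were created or modified recently. The sample lines are copied from the log above; the `recent_days` cutoff and the `triage()` heuristics are my own choices. Flagged entries are candidates for a closer look, not verdicts: `MBR.exe` here was dropped together with ComboFix's other helper files (same timestamp in the "Files Created - No Company Name" section), so a human still has to judge each hit.

```python
"""Parse OTL file-listing lines and flag entries worth a second look (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL line: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
# Directory lines carry no "(company)" group at all; files print "()" or "( )" when unknown.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".ax", ".cpl")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str                 # R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset
    kind: str                  # 'C' = created, 'M' = modified
    company: Optional[str]     # None for directories, '' when OTL printed "()" or "( )"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def is_binary(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(BINARY_EXT)


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a well-formed OTL line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )


def triage(lines, now: datetime, recent_days: int = 30) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for binaries that merit a closer look (heuristics are my own)."""
    findings = []
    cutoff = now - timedelta(days=recent_days)
    for line in lines:
        e = parse_line(line)
        if e is None or not e.is_binary:
            continue
        lower = e.path.lower()
        if lower.startswith("c:\\windows\\") and e.company == "":
            findings.append((e.path, "binary in Windows tree with no company name"))
        if lower.endswith(".sys") and "\\drivers\\" in lower and e.timestamp >= cutoff:
            findings.append((e.path, f"kernel driver touched within {recent_days} days"))
    return findings


# Sample input copied from the OTL log posted above.
SAMPLE = r"""
[2010/05/09 10:18:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Lechner\Desktop\OTL.exe
[2010/05/08 17:13:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2005/11/04 21:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2010/04/25 11:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/09 10:15:23 | 2078,527,488 | -HS- | M] () -- C:\hiberfil.sys
""".strip().splitlines()


def demo() -> List[Tuple[str, str]]:
    """Run the triage over the sample as of the scan date in the thread (10 May 2010)."""
    return triage(SAMPLE, datetime(2010, 5, 10))


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

Directory lines and the hibernation file pass through unflagged, which is the point of keying the driver check on the `drivers` folder rather than on the `.sys` extension alone.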

#12
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts

Can I start celebrating now?

Almost.


B4 I was concerned about the virus, but (12) hours after I probably got it, I logged onto (2) bank accounts.

I should give you this warning...


WARNING - Your computer has been infected by a Rootkit!

From your log(s), one or more of the identified infections are rootkits. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the author.

If this computer is ever used for online banking, I suggest you do the following IMMEDIATELY:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking / financial purposes until we give it an all clear.

If you want to continue fixing, please follow the steps below.



Let's make sure there are no other issues hiding in there anywhere.



NOTE: This scan can take a while. You might start it when you are not going to be using the computer for several hours.


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

  • 0

#13
MT Tom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I think this is it.
Stalled & restarted several times (Java interrupted), (screen saver).

Thanks again

Tom

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 10, 2010 10:32:20
Records in database: 4090415
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 75682
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:13:45

No threats found. Scanned area is clean.

Selected area has been scanned.
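The helper asked for the report only, and the report's own "Scan settings" and "Scan statistics" blocks are what tell you whether the scan was run as requested and came back clean. Below is an added example (not code from the forum or from Kaspersky) that parses a report in the format Tom posted and returns a triage verdict; the embedded sample is a copy of the report format above so the block runs offline.

```python
import re

# Sample input: the same layout as the Kaspersky Online Scanner 7.0 report
# posted above, embedded here so the example runs without any files.
SAMPLE_REPORT = """\
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 10, 2010 10:32:20
Records in database: 4090415
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\\
D:\\

Scan statistics:
Objects scanned: 75682
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:13:45

No threats found. Scanned area is clean.
"""

# The boxes the helper asked to have ticked, as they appear in the report.
REQUIRED_SETTINGS = {"Scan archives": "yes", "Scan e-mail databases": "yes"}
COUNTERS = ("Threats found", "Infected objects found", "Suspicious objects found")

def parse_report(text):
    """Collect 'Key: value' lines into a dict and list the scanned drive roots."""
    fields, drives = {}, []
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"[A-Za-z]:\\", line):        # e.g. C:\  under "Scan area"
            drives.append(line)
        elif ":" in line and not line.startswith("-"):
            key, _, value = line.partition(":")       # split on the first colon only
            fields[key.strip()] = value.strip()       # keeps times like 00:13:45 intact
    fields["drives"] = drives
    return fields

def triage(text):
    """Clean only if every counter is zero AND the requested settings were on."""
    f = parse_report(text)
    settings_ok = all(f.get(k, "").lower() == v for k, v in REQUIRED_SETTINGS.items())
    counts = {k: int(f.get(k, "-1")) for k in COUNTERS}   # -1 = field missing
    clean = settings_ok and all(c == 0 for c in counts.values())
    return {"settings_ok": settings_ok, "counts": counts, "drives": f["drives"],
            "objects_scanned": int(f.get("Objects scanned", "0")), "clean": clean}
```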

#14 Mjöllnir (Trusted Helper, Retired Staff, 1,207 posts)
Your log is clean! :)


Now that we've finished cleaning your computer, please follow these last sets of instructions and then you'll be ready to go.


++++++++++++++++++++++++++++++++++++


»»» System Restore Points «««

This will clear any current system restore points that may contain malware, and set a fresh restore point.
  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • You may be asked to reboot - if so, choose Yes



»»» Cleanup «««

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK



Remove Other Tools

  • Open OTL to run it. (Vista users, please right click on OTL and select "Run as administrator")
  • Click on the CleanUp button
  • Click Yes to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



Clean Temporary Files
  • Download TFC to your desktop
  • Open the file and close any other windows
  • It will close all programs itself when run - make sure to let it run uninterrupted
  • Click the Start button to begin the process - the program should not take long to finish its job
  • Once it is finished, it should reboot your machine; if not, do this yourself to ensure the cleaning process completes


++++++++++++++++++++++++++++++++++++

Below are links to several programs that will help protect your computer.

Firewalls
If you are using the Windows firewall or not using a firewall at all, I recommend downloading and installing one of the applications below.
Comodo Internet Security - an excellent firewall + antivirus - for Windows XP/Vista/7 (32-bit / 64-bit)
Online Armor Firewall - includes a "Banking Mode" for online banking security - for Windows XP/Vista/7 (32-bit only)
Agnitum Outpost Firewall Free - bi-directional firewall that cannot be shut down by hackers - Windows 2000, Windows XP/Vista (32-bit / 64-bit)

You may also want to read Understanding and Using Firewalls.
Note that you should NEVER have more than one firewall running on your system, as firewalls can conflict with one another and can cause slow or total loss of your Internet connection.

__________________________________________________________

AntiVirus
If you are not using a good antivirus program, I recommend downloading and installing one of the following applications.
Avira AntiVir Personal Antivirus - reliable monitoring of user and system activity with antirootkit protection - Windows 2000, Windows XP/Vista (32-bit / 64-bit)
avast! - antivirus and anti-spyware with real-time rootkit protection - Windows 2000, Windows XP/Vista/7 (32-bit / 64-bit)
AVG Anti-Virus - includes LinkScanner® to ensure safety from harmful web sites - Windows 2000, Windows XP/Vista/7 (32-bit / 64-bit)

Note that you should NEVER have more than one antivirus running on your system, as antivirus applications can conflict with one another, possibly leaving you more susceptible to infection.

__________________________________________________________

Anti-Spyware
I recommend downloading and installing all of the following applications.
SUPERAntiSpyware Free Edition - removes spyware threats that other applications fail to remove - Windows 2000, XP/Media Center/Vista/7 and Windows 2003 Server
Malwarebytes' Anti-Malware - an excellent and must-have tool for keeping your system free of malware - Windows 2000, Windows XP/Vista/7 (32-bit / 64-bit)
Ad-Aware - comprehensive real-time malware protection and rootkit removal system - Windows 2000 Pro, Windows XP (32-bit only), Windows Vista/7 (32-bit / 64-bit)
Microsoft Security Essentials - real-time protection against viruses, spyware, and other malware - Windows XP/Vista/7
a-squared Antivirus + Anti-malware - Malware Intrusion Detection System (IDS) uses behavioral blocking to stop zero-day malware - Windows XP/Vista/7 and Windows 2003/2008 Server (32-bit / 64-bit)
ThreatFire - protects against zero-day malware with real-time behavior-based protection against viruses and other malware - Windows XP/Vista/7 and Windows 2003 Server

__________________________________________________________

Other things to keep in mind.

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.
Windows Update (2000/XP) or Windows Update (Vista/7)
Java
Adobe Reader
Adobe Flash Player

Secunia Personal Software Inspector (PSI) - an alternative to the above, Secunia PSI is a FREE security tool designed with the sole purpose of helping you secure your computer against vulnerabilities in programs (includes direct download links for most software updates) - Windows 2000, Windows XP/Vista/7 (32-bit / 64-bit)


Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
TFC - easily clean out all temp folders on your system - Windows XP/Vista/7 (32-bit / 64-bit)
Flush Flash - by Bobbi Flekman - cleans Flash Player cookies - Windows
ERUNT (Emergency Recovery Utility NT) - a registry backup and restore utility - Windows NT/2000/XP/Vista/7, Windows 2000/2003 Server (32-bit/64-bit) - check here for use with Vista/7
F-Backup - a powerful, yet easy to use backup system - Windows XP/Vista/7 and Windows 2000/2003/2008 Server (32-bit / 64-bit)
MSVP Hosts File - block unwanted web sites with this alternate hosts file - All flavors of Windows
McAfee SiteAdvisor - securely surf the web with web site safety ratings (includes integration with your search engine results) - Windows XP/Vista and Internet Explorer 6 (or above) or Firefox 2 (or above)

__________________________________________________________

Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place? by Tony Klein and Kat Armstrong

Remember, you have to be smarter than the bad guys! Be safe out there! :)

#15 MT Tom (Member, Topic Starter, 15 posts)
Thank You
Thank You

Goodbye?