Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Problems after removing "Fake" AV Security Virus

Started by asiar1 , Jun 30 2010 01:09 PM

  • This topic is locked This topic is locked

#1
asiar1
Posted 30 June 2010 - 01:09 PM

asiar1

    Member

  • Member
  • PipPip
  • 11 posts
Hi,

I'm having major issues with my computer after I removed the "Fake" AV Security Virus 2 weeks ago. I used MBAM and McAfee to remove the virus, but I think there's still some lingering issues/traces of the virus on my computer still. Here's the symptoms I'm having with my computer now: Extremely slow running of programs, IE has pop-up's with sites saying I won something, sometimes when rebooting all my icons, taskbars, and even Start button is extremely small and will not allow any Network connections to operate correctly, and the system automatically crashes and restarts out of the blue.

I went through the steps listed on the forums to get help, but ran into a problem with the GMER program. I downloaded and ran the program, but it froze my computer and crashed it down. I had to manually turn off the computer and tried it a couple of more times and the same result.

Here's what I have done so far:

1.) Ran the TFC program.
2.) Ran ERUNT program.
3.) Ran MBAM program and listed the report below.
4.) Ran McAfee and nothing detected.
5.) Rebooted computer.
6.) Ran GMER program, but computer crashes, so no report available.
7.) Ran OTL program and listed the report below.

OTL Extras logfile created on: 6/30/2010 11:29:40 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Judy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 100.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 78.65 Gb Free Space | 70.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIGEL
Current User Name: Judy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found
"C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\Content.IE5\YWH9BNBV\incredimail_install[1].exe" = C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\Content.IE5\YWH9BNBV\incredimail_install[1].exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\UVU\UVU Media Player\HSAudioPlayer.exe" = C:\Program Files\UVU\UVU Media Player\HSAudioPlayer.exe:*:Enabled:UVU Media Player -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\UVU\UVU Media Player\UVUMediaPlayer.exe" = C:\Program Files\UVU\UVU Media Player\UVUMediaPlayer.exe:*:Enabled:UVU Media Player -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{070B059B-F742-4532-B9D1-11E1E3887C6C}" = BlackBerry Device Software Updater
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{30E239F4-AEF9-4EAC-A87B-625D05190917}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8110 smartphone
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{624880EA-7610-47B6-B4A6-40DD83DB1AB4}" = McAfee Anti-Theft
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{67F7CD26-B4F2-4B5C-A382-60AF6742FC5D}" = Dora saves the Crystal Kingdom
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B3282FB8-874B-4054-8356-9EB391A826F9}" = OLYMPUS muvee theaterPack
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20D2884-D854-48A7-B0F0-2921F3A23F81}" = BlackBerry Desktop Software 4.3
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audit Support Center" = Audit Support Center 1.0
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{F20D2884-D854-48A7-B0F0-2921F3A23F81}" = BlackBerry Desktop Software 4.3
"Dynex VF0500" = Dynex 1.3MP Webcam Driver (1.00.03.0000)
"Dynex Webcam User's Guide" = Dynex Webcam User's Guide
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Live! Cam Center" = Live! Cam Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PhoTagsExpress" = PhoTags Express
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Music Engine" = Yahoo! Music Jukebox
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2010 11:25:18 PM | Computer Name = NIGEL | Source = MPSampleSubmission | ID = 5000
Description =

Error - 6/25/2010 3:21:37 AM | Computer Name = NIGEL | Source = MPSampleSubmission | ID = 5000
Description =

Error - 6/26/2010 1:33:23 PM | Computer Name = NIGEL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/26/2010 1:33:27 PM | Computer Name = NIGEL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/27/2010 1:45:57 PM | Computer Name = NIGEL | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x8007041d.

Error - 6/27/2010 2:03:28 PM | Computer Name = NIGEL | Source = MPSampleSubmission | ID = 5000
Description =

Error - 6/30/2010 2:54:37 AM | Computer Name = NIGEL | Source = MPSampleSubmission | ID = 5000
Description =

Error - 6/30/2010 11:38:48 AM | Computer Name = NIGEL | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 6/30/2010 11:55:40 AM | Computer Name = NIGEL | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 6/30/2010 12:15:44 PM | Computer Name = NIGEL | Source = VSS | ID = 12302
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
in trying to contact shadow copy service writers. Please check to see that the
Event Service and Volume Shadow Copy Service are operating properly.

[ System Events ]
Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Cryptographic Services
service to connect.

Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
error: %%1053

Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Logical Disk Manager
service to connect.

Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7000
Description = The Logical Disk Manager service failed to start due to the following
error: %%1053

Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Error Reporting Service
service to connect.

Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the COM+ Event System service
to connect.

Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7000
Description = The COM+ Event System service failed to start due to the following
error: %%1053

Error - 6/30/2010 12:03:09 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1053

Error - 6/30/2010 12:04:59 PM | Computer Name = NIGEL | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 6/30/2010 12:22:38 PM | Computer Name = NIGEL | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.


< End of report >


Any help will be GREATLY appreciated!!!

Attached Files


Edited by Essexboy, 30 June 2010 - 01:54 PM.

  • 0

Advertisements

#2
mpascal
Posted 06 July 2010 - 05:21 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi asiar1,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window. OTL.Txt.This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log

  • 0

#3
asiar1
Posted 06 July 2010 - 10:04 PM

asiar1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Mpascal,

I'm still having problems with the GMER program. It's freezing up my computer and shutting it down. Any thoughts on how I can complete that step? Here's the logs for MBAM and OTL. See attached.

Attached Files


  • 0

#4
mpascal
Posted 06 July 2010 - 10:07 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Try running GMER with just Sections and Files checked.
  • 0

#5
asiar1
Posted 07 July 2010 - 11:19 AM

asiar1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Mpascal,

I have been trying all night and all morning to get the GMER to run, but it's been freezing up my computer! This morning I thought it was working, but it went through an 1 hour of my files, then froze up again. My entire screen goes dark and my cursor goes away and it just sits there with my fan running constantly. I'm trying, but the GMER isn't working on my computer. Is there anything else I could use? Let me know what you think.

Also, I'm getting tons of pop-up's now with my IE when opening up a window.

Thanks for you assistance....I'm GREATLY thankful for all of your help!!!
  • 0

#6
mpascal
Posted 07 July 2010 - 03:01 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Skip GMER for now, we might not need it anyways.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
  • 0

#7
asiar1
Posted 07 July 2010 - 06:48 PM

asiar1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Mpascal,

This one worked!!! Here's the log:

Thanks again for all of your help!!!

ComboFix 10-07-06.05 - Judy 07/07/2010 17:17:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.62 [GMT -5:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\2617176621.dat
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EHSCHEDNETDDE
-------\Legacy_RASAUTOWSCSVC
-------\Service_ehSchedNetDDE
-------\Service_RasAutowscsvc


((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-07 23:23 . 2010-07-07 23:23 -------- d-----w- c:\windows\LastGood
2010-07-07 22:38 . 2010-07-07 22:38 32 ----a-w- c:\windows\system32\2617176621.dat
2010-07-07 18:25 . 2010-07-07 18:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-30 14:38 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 14:38 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 14:35 . 2010-06-30 14:35 -------- d-----w- c:\program files\ERUNT
2010-06-22 13:55 . 2010-06-22 13:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-14 16:00 . 2010-06-14 16:00 -------- d-----w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com
2010-06-11 14:00 . 2010-06-11 14:00 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\PCHealth
2010-06-10 23:56 . 2010-06-10 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-06-10 23:47 . 2010-06-10 23:47 -------- d-----w- c:\program files\Citrix
2010-06-10 23:46 . 2010-06-10 23:46 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\Citrix
2010-06-10 22:27 . 2010-06-10 22:28 -------- d-----w- c:\program files\McAfeeMOBK
2010-06-10 22:25 . 2010-02-06 02:13 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-06-10 22:23 . 2010-06-10 22:25 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-09 22:41 . 2010-06-11 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-09 22:41 . 2010-06-11 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-09 19:56 . 2010-06-09 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\McAfee
2010-06-09 18:26 . 2010-06-09 18:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-09 16:45 . 2010-06-09 16:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-09 06:58 . 2010-06-09 06:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-06-09 02:15 . 2010-06-09 21:10 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\ncsawcan
2010-06-09 01:53 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 18:24 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 14:38 . 2010-05-14 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-16 15:25 . 2010-06-14 16:01 63488 ----a-w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-16 15:25 . 2010-06-14 16:01 117760 ----a-w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-14 16:01 . 2010-06-14 16:01 52224 ----a-w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-11 13:13 . 2007-10-01 20:44 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-10 23:25 . 2010-06-10 23:25 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-06-10 23:25 . 2009-11-14 18:09 300384 ----a-w- c:\documents and settings\Judy\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-06-10 23:07 . 2010-06-10 23:07 49152 ----a-r- c:\documents and settings\Judy\Application Data\Microsoft\Installer\{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}\Icon49FA793C.exe
2010-06-09 20:04 . 2008-08-18 13:32 -------- d-----w- c:\program files\PhoTags Express
2010-05-22 04:40 . 2009-09-15 16:12 -------- d-----w- c:\program files\McAfee
2010-05-22 04:40 . 2009-11-14 03:41 -------- d-----w- c:\documents and settings\Judy\Application Data\McAfee
2010-05-21 00:57 . 2010-01-30 15:42 -------- d-----w- c:\documents and settings\Judy\Application Data\Skype
2010-05-21 00:44 . 2010-01-30 15:45 -------- d-----w- c:\documents and settings\Judy\Application Data\skypePM
2010-05-14 19:05 . 2010-05-14 19:05 -------- d-----w- c:\documents and settings\Judy\Application Data\Malwarebytes
2010-05-14 19:04 . 2010-05-14 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-14 18:10 . 2009-11-16 22:53 -------- d-----w- c:\program files\McAfee.com
2010-05-14 15:52 . 2009-09-15 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-14 15:50 . 2009-11-16 22:53 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-14 14:43 . 2010-05-14 14:43 75264 ----a-w- c:\windows\system32\drivers\xudfvziu.sys
2010-05-09 21:39 . 2008-09-28 03:20 256 ----a-w- c:\windows\system32\pool.bin
2010-05-09 20:25 . 2010-05-09 20:25 53248 ----a-r- c:\documents and settings\Judy\Application Data\Microsoft\Installer\{070B059B-F742-4532-B9D1-11E1E3887C6C}\ARPPRODUCTICON.exe
2010-04-27 22:16 . 2010-05-14 15:43 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-05-14 15:43 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-05-14 15:43 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-05-14 15:43 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-05-14 15:43 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2010-05-14 15:43 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-05-14 15:43 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2009-11-16 22:55 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2009-11-16 22:55 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16 . 2009-11-16 22:55 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-11 23:12 . 2010-04-11 23:12 249856 ------w- c:\windows\Setup1.exe
2010-04-11 23:11 . 2010-04-11 23:11 73216 ----a-w- c:\windows\ST6UNST.EXE
2006-08-30 02:27 . 2006-08-30 02:27 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-11-07 54576]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2007-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-05 202256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2009-11-17 670312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Nigel's Laptop\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2006-6-5 329472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2008-02-15 17:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-08-02 05:32 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-08-02 05:38 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-12-16 08:32 761945 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-12-16 08:34 82009 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2005-03-11 23:03 73728 ----a-w- c:\windows\system32\TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/14/2010 10:43 AM 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [6/10/2010 5:25 PM 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/16/2009 6:00 PM 210216]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/14/2010 10:42 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/14/2010 10:42 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/14/2010 10:43 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/14/2010 10:43 AM 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2/5/2010 9:14 PM 229688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/14/2010 10:43 AM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/14/2010 10:43 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/14/2010 10:43 AM 88480]
S2 McAfeeMcProxy;McAfee SiteAdvisor Service McAfeeMcProxy;c:\windows\system32\aaaamony.exe srv --> c:\windows\system32\aaaamony.exe srv [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/14/2010 10:43 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/14/2010 10:43 AM 83496]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [1/29/2010 11:32 PM 251264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2102392488-2322073675-3800741003-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2102392488-2322073675-3800741003-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:1055
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-Exetender - c:\program files\Verizon Games on Demand Player\GPlayer.exe
MSConfigStartUp-TFncKy - TFncKy.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000007

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\dllhost.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\progra~1\METAMA~1\METAMA~1\METAMA~2.EXE
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-07 19:44:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-08 00:44

Pre-Run: 84,102,803,456 bytes free
Post-Run: 84,130,480,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - C9020545FE74662B4B3FB447F40C1808

[edited to open log ~ mp]

Attached Files


Edited by mpascal, 07 July 2010 - 11:47 PM.

  • 0

#8
mpascal
Posted 07 July 2010 - 11:50 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\2617176621.dat
c:\windows\system32\drivers\xudfvziu.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#9
asiar1
Posted 08 July 2010 - 08:42 PM

asiar1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Mpascal,

I just ran the ComboFix again with the new files you wanted me to add. Here's the log.

ComboFix 10-07-07.02 - Judy 07/08/2010 21:14:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.59 [GMT -5:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Judy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


FILE ::
"c:\windows\system32\2617176621.dat"
"c:\windows\system32\drivers\xudfvziu.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\2617176621.dat
c:\windows\system32\drivers\xudfvziu.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-09 01:45 . 2010-07-09 01:45 -------- d-----w- c:\windows\LastGood
2010-07-07 23:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-07 18:25 . 2010-07-07 18:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-30 14:38 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 14:38 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 14:35 . 2010-06-30 14:35 -------- d-----w- c:\program files\ERUNT
2010-06-22 13:55 . 2010-06-22 13:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-14 16:00 . 2010-06-14 16:00 -------- d-----w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com
2010-06-11 14:00 . 2010-06-11 14:00 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\PCHealth
2010-06-10 23:56 . 2010-06-10 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-06-10 23:47 . 2010-06-10 23:47 -------- d-----w- c:\program files\Citrix
2010-06-10 23:46 . 2010-06-10 23:46 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\Citrix
2010-06-10 22:27 . 2010-06-10 22:28 -------- d-----w- c:\program files\McAfeeMOBK
2010-06-10 22:25 . 2010-02-06 02:13 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-06-10 22:23 . 2010-06-10 22:25 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-09 22:41 . 2010-06-11 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-09 22:41 . 2010-06-11 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-09 19:56 . 2010-06-09 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\McAfee
2010-06-09 18:26 . 2010-06-09 18:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-09 16:45 . 2010-06-09 16:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-09 06:58 . 2010-06-09 06:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 18:24 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 14:38 . 2010-05-14 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-16 15:25 . 2010-06-14 16:01 63488 ----a-w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-16 15:25 . 2010-06-14 16:01 117760 ----a-w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-14 16:01 . 2010-06-14 16:01 52224 ----a-w- c:\documents and settings\Judy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-11 13:13 . 2007-10-01 20:44 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-10 23:25 . 2010-06-10 23:25 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-06-10 23:25 . 2009-11-14 18:09 300384 ----a-w- c:\documents and settings\Judy\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-06-10 23:07 . 2010-06-10 23:07 49152 ----a-r- c:\documents and settings\Judy\Application Data\Microsoft\Installer\{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}\Icon49FA793C.exe
2010-06-09 20:04 . 2008-08-18 13:32 -------- d-----w- c:\program files\PhoTags Express
2010-05-22 04:40 . 2009-09-15 16:12 -------- d-----w- c:\program files\McAfee
2010-05-22 04:40 . 2009-11-14 03:41 -------- d-----w- c:\documents and settings\Judy\Application Data\McAfee
2010-05-21 19:14 . 2010-06-09 01:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 00:57 . 2010-01-30 15:42 -------- d-----w- c:\documents and settings\Judy\Application Data\Skype
2010-05-21 00:44 . 2010-01-30 15:45 -------- d-----w- c:\documents and settings\Judy\Application Data\skypePM
2010-05-14 19:05 . 2010-05-14 19:05 -------- d-----w- c:\documents and settings\Judy\Application Data\Malwarebytes
2010-05-14 19:04 . 2010-05-14 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-14 18:10 . 2009-11-16 22:53 -------- d-----w- c:\program files\McAfee.com
2010-05-14 15:52 . 2009-09-15 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-14 15:50 . 2009-11-16 22:53 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-09 21:39 . 2008-09-28 03:20 256 ----a-w- c:\windows\system32\pool.bin
2010-05-09 20:25 . 2010-05-09 20:25 53248 ----a-r- c:\documents and settings\Judy\Application Data\Microsoft\Installer\{070B059B-F742-4532-B9D1-11E1E3887C6C}\ARPPRODUCTICON.exe
2010-05-06 10:41 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-15 14:04 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 22:16 . 2010-05-14 15:43 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-05-14 15:43 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-05-14 15:43 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-05-14 15:43 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-05-14 15:43 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2010-05-14 15:43 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-05-14 15:43 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2009-11-16 22:55 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2009-11-16 22:55 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16 . 2009-11-16 22:55 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-20 05:30 . 2006-02-15 14:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-11 23:12 . 2010-04-11 23:12 249856 ------w- c:\windows\Setup1.exe
2010-04-11 23:11 . 2010-04-11 23:11 73216 ----a-w- c:\windows\ST6UNST.EXE
2006-08-30 02:27 . 2006-08-30 02:27 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-11-07 54576]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2007-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-05 202256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2009-11-17 670312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Nigel's Laptop\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2006-6-5 329472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2008-02-15 17:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-08-02 05:32 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-08-02 05:38 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-12-16 08:32 761945 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-12-16 08:34 82009 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2005-03-11 23:03 73728 ----a-w- c:\windows\system32\TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/14/2010 10:43 AM 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [6/10/2010 5:25 PM 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/16/2009 6:00 PM 210216]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/14/2010 10:42 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/14/2010 10:42 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/14/2010 10:43 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/14/2010 10:43 AM 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2/5/2010 9:14 PM 229688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/14/2010 10:43 AM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/14/2010 10:43 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/14/2010 10:43 AM 88480]
S2 0049161278639947mcinstcleanup;McAfee Application Installer Cleanup (0049161278639947);c:\windows\TEMP\004916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\004916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 McAfeeMcProxy;McAfee SiteAdvisor Service McAfeeMcProxy;c:\windows\system32\aaaamony.exe srv --> c:\windows\system32\aaaamony.exe srv [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/14/2010 10:43 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/14/2010 10:43 AM 83496]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [1/29/2010 11:32 PM 251264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2102392488-2322073675-3800741003-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2102392488-2322073675-3800741003-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:1055
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 21:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000007

[HKEY_USERS\S-1-5-21-2102392488-2322073675-3800741003-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1424)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-07-08 21:36:53
ComboFix-quarantined-files.txt 2010-07-09 02:36
ComboFix2.txt 2010-07-08 00:44

Pre-Run: 83,080,097,792 bytes free
Post-Run: 83,150,241,792 bytes free

- - End Of File - - F7510786A7383EA742B4E9BA0003EFC7

[edited to open log ~ mp]

Attached Files


Edited by mpascal, 08 July 2010 - 09:05 PM.

  • 0

#10
mpascal
Posted 08 July 2010 - 09:08 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

  • 0

Advertisements

#11
asiar1
Posted 09 July 2010 - 01:40 PM

asiar1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Mpascal,

I'm having problems with the Kaspersky Online Scanner program. When I click on the link you provided me, it have to Accept the agreement and then it goes to Update the program....then I get a pop-up window advising that I need to Launch the Java Program on an uninterrupted internet connection. I then hard connected my computer and it's giving me the same error message. I just can't get past the update part.

I completed the TFC and the MBAM portion. Here's my MBAM log.

Attached Files


  • 0

#12
mpascal
Posted 10 July 2010 - 12:51 AM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

I'll give you an alternative, this one you just have to download. This scan may take a while, so I suggest maybe leaving it on overnight or something.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

  • 0

#13
asiar1
Posted 10 July 2010 - 08:39 PM

asiar1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Mpascal,

Whew....finally, this just now completed. It took over 12 hours to complete. Here's a copy of the log.

Thanks again!!!

Attached Files


  • 0

#14
mpascal
Posted 11 July 2010 - 08:28 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Nothing to concern with there, are you still having any problems?

Open up OTL and push the Quickscan button. Post the resulting log here.
  • 0

#15
asiar1
Posted 11 July 2010 - 09:42 PM

asiar1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Mpascal,

Thanks again for all of your help!!! Here's the OTL Log. Also, looks like the pop-up's went away, but my system is extremely slow. I think that the virus I had jacked up my system. Any suggestions on a good program to run to help clean up my system to make it run fast again?

Thanks again!!!

OTL logfile created on: 7/11/2010 10:25:13 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Judy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 77.22 Gb Free Space | 69.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIGEL
Current User Name: Judy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Judy\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\V0500Mon.exe (Creative Technology Ltd.)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Metamail Inc\Metamail Reader\Metamail Secure Server.exe (Metamail Corp.)
PRC - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Judy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (0049161278639947mcinstcleanup) McAfee Application Installer Cleanup (0049161278639947) -- File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (McAfeeMcProxy) -- C:\WINDOWS\System32\aaaamony.exe ()
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (V0500Dev) -- C:\WINDOWS\system32\drivers\V0500Vid.sys (Creative Technology Ltd.)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel® -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (SAMFILT) -- C:\WINDOWS\system32\drivers\samfilt.sys (Dolphin, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP Software)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (SABProcEnum) -- C:\WINDOWS\system32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 50 59 4D DB 08 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1055

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 16:29:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/05 08:26:35 | 000,000,000 | ---D | M]

[2009/11/28 13:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Mozilla\Extensions
[2009/11/28 13:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/07/08 21:28:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518135744.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0500Mon.exe] C:\WINDOWS\V0500Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe (Metamail Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1191264340014 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.182.208.5 69.60.160.196
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Judy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Judy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 10:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 10:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\DoctorWeb
[2010/07/09 21:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/09 21:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/08 22:18:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/07 17:04:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/07 16:59:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/07 16:59:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/07 16:59:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/07 16:59:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/07 16:40:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/07 13:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/30 11:28:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe
[2010/06/30 09:38:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/30 09:38:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/30 09:36:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/30 09:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/30 08:53:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Judy\Desktop\erunt_setup.exe
[2010/06/30 08:52:35 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\TFC.exe
[2010/06/14 11:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Application Data\SUPERAntiSpyware.com
[2010/06/11 09:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Local Settings\Application Data\PCHealth
[2010/06/10 18:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/06/10 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/06/10 18:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Local Settings\Application Data\Citrix
[2010/06/10 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/06/10 17:25:28 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/06/10 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/06/09 17:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/09 17:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/09 01:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/06/08 21:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Local Settings\Application Data\ncsawcan
[2010/06/07 20:21:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/05/31 20:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\My Documents\Asia's scrapbook
[2010/05/22 20:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/21 23:40:40 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Judy\My Documents\McAfee Vaults
[2010/05/21 13:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/20 19:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/14 14:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Application Data\Malwarebytes
[2010/05/14 14:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/14 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/14 10:43:23 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/05/14 10:43:06 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/05/14 10:43:06 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/05/14 10:43:06 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/14 10:43:06 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/05/14 10:43:05 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/05/14 10:43:05 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/13 14:00:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/05/13 11:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/13 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/13 11:04:02 | 000,000,000 | ---D | C] -- C:\8343c44399986dc605fb4cfe
[2010/04/13 12:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\My Documents\Live! Cam Center
[2010/04/13 12:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Application Data\Creative
[2006/02/15 11:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 90 Days ==========

[2010/07/10 21:29:48 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Judy\NTUSER.DAT
[2010/07/10 21:27:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 21:27:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2102392488-2322073675-3800741003-1006.job
[2010/07/10 21:23:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 21:22:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 21:22:53 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 21:21:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Judy\ntuser.ini
[2010/07/10 21:20:06 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\DrWeb_071010.csv
[2010/07/10 09:47:01 | 042,730,616 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\4k8t247w.exe
[2010/07/09 22:03:48 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\2617176621.dat
[2010/07/09 08:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2102392488-2322073675-3800741003-1006.job
[2010/07/08 21:28:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/08 21:28:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/08 21:08:22 | 003,728,433 | R--- | M] () -- C:\Documents and Settings\Judy\Desktop\ComboFix.exe
[2010/07/08 17:56:38 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/08 07:24:20 | 000,000,855 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/08 07:21:58 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/08 07:08:40 | 000,508,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/08 07:08:40 | 000,446,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/08 07:08:40 | 000,073,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/08 07:01:02 | 002,005,204 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/07 17:04:56 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/07 13:24:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/07 08:31:41 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\gmer.zip
[2010/07/06 22:20:42 | 000,581,419 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\Computer Problems after removing Fake AV Security Virus.mht
[2010/07/06 17:17:44 | 002,153,152 | -H-- | M] () -- C:\Documents and Settings\Judy\Local Settings\Application Data\IconCache.db
[2010/06/30 11:27:35 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe
[2010/06/30 09:38:40 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/30 09:35:47 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\NTREGOPT.lnk
[2010/06/30 09:35:47 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\ERUNT.lnk
[2010/06/30 08:53:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Judy\Desktop\erunt_setup.exe
[2010/06/30 08:51:58 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\TFC.exe
[2010/06/30 08:38:37 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\HijackThis.lnk
[2010/06/22 08:55:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/16 21:20:51 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/15 22:10:26 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\Pay Raise.doc
[2010/06/10 16:04:19 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Judy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 23:40:38 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Anti-Theft.lnk
[2010/05/21 08:57:06 | 000,186,932 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\KickIt Soccer Rules.pdf
[2010/05/20 19:56:15 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/13 11:32:07 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/09 16:39:32 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 18:13:09 | 000,020,759 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\medical_release_form.pdf
[2010/04/26 18:12:51 | 000,074,499 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\youth_guest_player_release[1].pdf
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 08:47:06 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dora saves the Crystal Kingdom.lnk

========== Files Created - No Company Name ==========

[2010/07/10 21:22:53 | 526,438,400 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 21:20:06 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\DrWeb_071010.csv
[2010/07/10 09:47:01 | 042,730,616 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\4k8t247w.exe
[2010/07/08 22:22:42 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\2617176621.dat
[2010/07/07 17:04:55 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/07/07 17:04:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/07 16:59:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/07 16:59:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/07 16:59:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/07 16:59:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/07 16:59:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/07 16:35:05 | 003,728,433 | R--- | C] () -- C:\Documents and Settings\Judy\Desktop\ComboFix.exe
[2010/07/07 08:31:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\gmer.zip
[2010/07/06 22:20:41 | 000,581,419 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\Computer Problems after removing Fake AV Security Virus.mht
[2010/06/30 09:38:40 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/30 09:35:47 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\NTREGOPT.lnk
[2010/06/30 09:35:47 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\ERUNT.lnk
[2010/06/30 08:38:37 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\HijackThis.lnk
[2010/06/15 19:35:52 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\Pay Raise.doc
[2010/05/21 23:40:38 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Anti-Theft.lnk
[2010/05/21 08:57:06 | 000,186,932 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\KickIt Soccer Rules.pdf
[2010/05/13 11:32:07 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/26 18:13:09 | 000,020,759 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\medical_release_form.pdf
[2010/04/26 18:12:51 | 000,074,499 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\youth_guest_player_release[1].pdf
[2010/04/18 09:12:33 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2102392488-2322073675-3800741003-1006.job
[2008/11/28 13:48:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/11/28 13:46:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX100.ini
[2008/08/18 12:34:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/04/18 23:57:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2008/04/18 23:03:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/03/28 08:01:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/29 21:56:55 | 000,000,104 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/04 14:56:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/11/03 12:12:08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/03 12:12:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/08/29 21:22:19 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/05 22:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 23:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 10:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 04:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 04:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 04:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 04:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 04:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 11:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 11:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 11:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 11:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 11:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 11:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 11:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 11:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 11:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 10:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 10:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 09:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 23:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 21:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/10 18:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/11/28 14:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/05/14 16:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exetender
[2007/10/01 08:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/28 13:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/11/28 14:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/01/16 10:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/24 14:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/16 06:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/03/24 09:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/10/06 18:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/05/12 09:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/07 22:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\CoreFTP
[2009/09/22 09:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\EPSON
[2009/02/04 15:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\InterVideo
[2008/11/28 14:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Leadertech
[2008/01/11 23:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Mind Control Software
[2009/08/08 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Nvu
[2008/09/27 22:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Research In Motion
[2008/01/11 23:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\ThwartPoker Software
[2009/11/28 13:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\TomTom
[2006/08/30 20:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\toshiba
[2007/01/03 09:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\UVU
[2007/01/16 10:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Viewpoint
[2007/06/11 22:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Wal-Mart Digital Photo Viewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97
< End of report >

Attached Files


Edited by mpascal, 12 July 2010 - 10:34 AM.
opened log

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP