Can't complete step one of guide, TFC freezes


#1
Kemperz

Kemperz

    New Member

  • Member
  • Pip
  • 5 posts
Hi there, my girlfriend has successfully destroyed both her and my own computer with copious amounts of viruses and/or malware. Both computers have screeched to a halt and I am beginning to fix mine. I have McAfee Total Protection 2010, but it keeps disabling itself, and I also have Malwarebytes Anti-Malware, which is blocking constant attempts at IPs trying to access my computer. Any-who, I joined the forum hoping to remove these problems and hopefully stop it from happening again, but I cannot even complete step one of the removal guide because TFC freezes every time I start it up: the program loads, the desktop disappears and the program says it's stopping running applications, but it just freezes there. I left it running for 15 minutes a couple of times and it does absolutely nothing; I can't even close the program, I have to just turn the power off. Can anybody let me know if there is a way around this, or another program?!

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,729 posts
  • MVP
Any time a step won't work just skip to the next step. Sometimes it will work better in Safe Mode with Networking.

http://www.computerh...sues/chsafe.htm

What I really need to start with is the OTL logs.

Ron

#3
Kemperz

Kemperz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey there, did all the steps except TFC, as it was freezing. Malwarebytes found some infections, I did restart and the computer is working a lot better, but my antivirus is still disabling. Here are all the logs I have.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4217

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/13/2010 3:37:44 PM
mbam-log-2010-07-13 (15-37-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 173104
Time elapsed: 50 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{u6k388cd-ebkb-3jw0-whii-i8s1b274nrnt} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxwtdrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddbccbsys (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opmnondrv (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vttqnosys (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxusdrv (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vttqnosys (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxusdrv (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Internet\browser.exe (Generic.Bot.H) -> No action taken.
C:\Documents and Settings\user619\Application Data\cglogs.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\user619\Local Settings\Temp\IELOGIN.abc (Malware.Trace) -> No action taken.
C:\Documents and Settings\user619\Local Settings\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Documents and Settings\user619\Local Settings\Temp\XxX.xXx (Malware.Trace) -> No action taken.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4217

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/13/2010 3:38:29 PM
mbam-log-2010-07-13 (15-38-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 173104
Time elapsed: 50 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{u6k388cd-ebkb-3jw0-whii-i8s1b274nrnt} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxwtdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddbccbsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opmnondrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vttqnosys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxusdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vttqnosys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxusdrv (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Internet\browser.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user619\Application Data\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\user619\Local Settings\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\user619\Local Settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\user619\Local Settings\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-13 16:16:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\user619\LOCALS~1\Temp\uxldypoc.sys


---- System - GMER 1.0.15 ----

SSDT spmc.sys ZwCreateKey [0xF73CA0E0]
SSDT spmc.sys ZwEnumerateKey [0xF73E8CA4]
SSDT spmc.sys ZwEnumerateValueKey [0xF73E9032]
SSDT spmc.sys ZwOpenKey [0xF73CA0C0]
SSDT spmc.sys ZwQueryKey [0xF73E910A]
SSDT spmc.sys ZwQueryValueKey [0xF73E8F8A]
SSDT spmc.sys ZwSetValueKey [0xF73E919C]

INT 0x33 ? 8413CBF8
INT 0x3A ? 8413CBF8
INT 0x3B ? 8413CBF8
INT 0x3E ? 8438ABF8
INT 0x3F ? 8438ABF8

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72B8D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72B8D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.15 ----

? dxdwvebr.sys The system cannot find the file specified. !
? spmc.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F68908AC 5 Bytes JMP 8413C1D8
.text ahyw6eus.SYS F6840386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ahyw6eus.SYS F68403AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ahyw6eus.SYS F68403C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ahyw6eus.SYS F68403C9 1 Byte [30]
.text ahyw6eus.SYS F68403C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xF04F5300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF77BB300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 843881F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 841F11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8438B1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8438B1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8438B1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8438B1F8
Device \Driver\usbuhci \Device\USBPDO-1 841F11F8
Device \Driver\usbuhci \Device\USBPDO-2 841F11F8
Device \Driver\usbehci \Device\USBPDO-3 8413B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1831503F-AB2D-4150-AB66-0CCEEA1C68EB} 83A36500

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8438C1F8
Device \Driver\Cdrom \Device\CdRom0 841DB3F8
Device \Driver\Cdrom \Device\CdRom1 841DB3F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F731EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F731EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F731EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F731EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F731EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 841DB3F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 83A36500
Device \Driver\sptd \Device\2504198992 spmc.sys
Device \Driver\NetBT \Device\NetbiosSmb 83A36500
Device \Driver\PCI_PNP8128 \Device\0000004d spmc.sys
Device \Driver\PCI_PNP8128 \Device\0000004d spmc.sys

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 841F11F8
Device \Driver\usbuhci \Device\USBFDO-1 841F11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 835E31F8
Device \Driver\usbuhci \Device\USBFDO-2 841F11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 835E31F8
Device \Driver\usbehci \Device\USBFDO-3 8413B1F8
Device \Driver\Ftdisk \Device\FtControl 8438C1F8
Device \Driver\ahyw6eus \Device\Scsi\ahyw6eus1Port2Path0Target0Lun0 841CE1F8
Device \Driver\ahyw6eus \Device\Scsi\ahyw6eus1 841CE1F8
Device \FileSystem\Cdfs \Cdfs 83912500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xCA 0x99 0x79 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0x16 0xE7 0xBC 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xAB 0x18 0xD6 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xCA 0x99 0x79 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0x16 0xE7 0xBC 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xAB 0x18 0xD6 0x19 ...

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 7/13/2010 4:18:38 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\user619\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 226.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.84 Gb Free Space | 50.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONS
Current User Name: user619
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/10 01:07:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user619\Desktop\OTL.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/02 17:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/01 16:28:10 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2002/07/12 01:33:12 | 001,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 01:07:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user619\Desktop\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/07/07 22:52:47 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/07 22:52:45 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/07 11:39:29 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/08/24 13:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2002/07/15 19:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/20 04:00:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 01:20:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/12 18:24:14 | 000,000,000 | ---D | M]

[2010/05/12 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\Mozilla\Extensions
[2009/07/17 13:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\Mozilla\Extensions\[email protected]
[2010/07/13 02:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\Mozilla\Firefox\Profiles\yglnaegd.default\extensions
[2010/05/12 18:29:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user619\Application Data\Mozilla\Firefox\Profiles\yglnaegd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 02:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/04 20:52:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100708001715.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\System32\Internet\browser.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\System32\Internet\browser.exe File not found
O4 - HKCU..\Run: [win2dkdes] C:\Documents and Settings\user619\Application Data\win2dkdes\win2dkdes.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\Internet\browser.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\Internet\browser.exe File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.18 64.59.144.19
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: DirectMusicScript - {55f243ff-7bcd-40ab-8003-448a46ec3584} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\user619\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user619\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (effgef.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/24 02:21:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 02:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2010/07/10 01:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/10 01:07:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user619\Desktop\OTL.exe
[2010/07/10 01:05:42 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user619\Desktop\TFC.exe
[2010/07/09 02:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Application Data\DivX
[2010/07/07 01:03:21 | 000,052,736 | ---- | C] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2010/07/07 01:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fallout2
[2010/07/06 01:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/06 01:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/07/06 01:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/07/04 23:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Application Data\Merscom
[2010/07/04 23:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/07/04 23:11:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Empire Builder - Ancient Egypt
[2010/07/04 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualCity
[2010/07/04 00:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/07/01 22:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Application Data\Virtual City
[2010/06/20 04:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Application Data\Malwarebytes
[2010/06/20 04:14:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/20 04:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/20 04:13:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/20 04:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 17:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/28 13:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/28 13:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2010/05/28 13:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/05/28 13:39:06 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/05/28 13:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/05/28 13:34:49 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/05/28 13:34:30 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/05/28 13:34:30 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/05/28 13:34:30 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/28 13:34:30 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/05/28 13:34:29 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/28 13:34:29 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/28 13:34:29 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/28 13:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/05/28 13:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/05/28 13:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/05/28 13:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/12 18:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\My Documents\Downloads
[2010/05/12 15:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Desktop\Game Shortcuts
[2010/05/11 22:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Application Data\Morpheus Software
[2010/05/11 22:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Morpheus Photo Warper
[2010/05/11 22:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Application Data\win2dkdes
[2010/05/10 09:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user619\Local Settings\Application Data\TheWeatherNetwork
[2010/05/08 23:46:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Build a lot 3 Passport to Europe
[2010/05/07 23:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2010/05/05 22:14:06 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt.exe
[2010/05/04 20:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/04 20:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/04 18:36:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/26 15:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/13 15:46:02 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/07/13 15:42:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/13 15:42:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/13 15:40:04 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\user619\ntuser.dat
[2010/07/13 15:40:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user619\ntuser.ini
[2010/07/13 15:39:51 | 009,600,854 | -H-- | M] () -- C:\Documents and Settings\user619\Local Settings\Application Data\IconCache.db
[2010/07/12 19:18:17 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/12 19:18:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/12 19:18:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/12 00:07:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 03:22:44 | 000,001,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault™ Breakthrough.lnk
[2010/07/10 02:55:35 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk
[2010/07/10 01:08:46 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\user619\Desktop\NTREGOPT.lnk
[2010/07/10 01:08:46 | 000,000,609 | ---- | M] () -- C:\Documents and Settings\user619\Desktop\ERUNT.lnk
[2010/07/10 01:07:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user619\Desktop\OTL.exe
[2010/07/10 01:05:47 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user619\Desktop\TFC.exe
[2010/07/09 02:01:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\user619\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 01:03:21 | 000,052,736 | ---- | M] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2010/07/05 01:50:20 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\user619\Desktop\Shortcut to taskmgr.lnk
[2010/07/04 20:03:32 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\user619\Desktop\Shortcut to VirtualCity.Unwrapped.lnk
[2010/07/04 19:53:10 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\user619\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2010/07/04 03:17:47 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/04 03:17:47 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/04 03:17:47 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/04 00:02:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\user619\Desktop\LimeWire 5.5.8.lnk
[2010/06/23 03:47:27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/23 03:47:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/20 22:56:07 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/20 04:14:33 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/15 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/31 20:32:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/05/28 12:50:03 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/05/12 15:01:45 | 000,001,293 | ---- | M] () -- C:\Documents and Settings\user619\Desktop\Program Files.lnk
[2010/05/11 22:52:28 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\user619\tenmy.ini
[2010/05/10 02:21:48 | 000,000,433 | ---- | M] () -- C:\WINDOWS\Buildalot3.ini
[2010/05/05 22:14:08 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\user619\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo WinOptimizer 6.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 19:25:42 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/07/10 03:11:54 | 000,001,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault™ Breakthrough.lnk
[2010/07/10 02:41:52 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk
[2010/07/10 01:08:46 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\user619\Desktop\NTREGOPT.lnk
[2010/07/10 01:08:46 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\user619\Desktop\ERUNT.lnk
[2010/07/10 01:07:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\user619\Desktop\gmer.exe
[2010/07/05 01:50:20 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\user619\Desktop\Shortcut to taskmgr.lnk
[2010/07/04 20:03:32 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\user619\Desktop\Shortcut to VirtualCity.Unwrapped.lnk
[2010/07/04 19:53:10 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\user619\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2010/07/04 00:02:24 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\user619\Desktop\LimeWire 5.5.8.lnk
[2010/06/20 04:14:33 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 12:50:06 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/05/28 12:50:03 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/05/11 22:52:28 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\user619\tenmy.ini
[2010/05/10 02:21:39 | 000,000,433 | ---- | C] () -- C:\WINDOWS\Buildalot3.ini
[2009/09/07 21:25:54 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/09/06 01:07:29 | 000,000,113 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2009/09/06 00:31:12 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/06 00:31:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/09/06 00:31:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/09/06 00:31:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/06 00:31:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/15 00:24:49 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/14 18:44:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/07/12 03:50:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/07 22:52:46 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/07 22:52:45 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/07 22:44:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/07 11:39:28 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/07/07 10:41:24 | 000,000,180 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2009/07/07 10:38:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/07/07 10:35:26 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/07/07 10:32:47 | 000,028,236 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2009/07/07 10:32:46 | 000,018,210 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2009/07/07 10:32:35 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/07/07 10:32:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/07/07 07:04:16 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/06/24 03:11:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/24 02:30:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/06/24 02:30:22 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2009/07/07 11:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/19 14:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2010/05/09 04:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/07/04 23:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/09/30 14:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/07/12 04:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2009/08/29 15:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
[2010/06/26 00:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/04 23:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\Any Video Converter Professional
[2009/07/07 15:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\DAEMON Tools Lite
[2009/07/07 22:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\InterTrust
[2010/07/04 05:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\LimeWire
[2010/07/04 23:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\Merscom
[2010/05/11 22:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\Morpheus Software
[2010/05/05 17:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\SanDisk
[2010/07/13 03:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\uTorrent
[2010/07/04 19:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\Virtual City
[2010/05/28 11:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user619\Application Data\win2dkdes
[2010/06/15 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/05/28 12:50:03 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/24 02:21:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/12 19:18:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/06/24 02:21:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/12 04:26:02 | 000,016,220 | ---- | M] () -- C:\GF_Excpt.txt
[2009/06/24 02:21:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/24 02:21:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/13 15:42:15 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/24 02:20:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 10:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 10:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/23 19:05:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/23 19:05:08 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/23 19:05:08 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 05:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-04 10:31:49

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8435088
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
< End of report >

OTL Extras logfile created on: 7/13/2010 4:18:38 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\user619\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 226.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.84 Gb Free Space | 50.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONS
Current User Name: user619
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe" = C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed -- File not found
"C:\Documents and Settings\user619\Local Settings\Temp\IXP000.TMP\Ashampoo AntiSpyWare 2.02 (Updatable)+Key-HeartBug.exe" = C:\Documents and Settings\user619\Local Settings\Temp\IXP000.TMP\Ashampoo AntiSpyWare 2.02 (Updatable)+Key-HeartBug.exe:*:Enabled:C:\DOCUME~1\user619\LOCALS~1\Temp\IXP000.TMP\Ashampoo AntiSpyWare 2.02 (Updatable)+Key-HeartBug.exe -- File not found
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942 -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\user619\Desktop\Jon\Doom 3\Doom 3\DOOM3DED.exe" = C:\Documents and Settings\user619\Desktop\Jon\Doom 3\Doom 3\DOOM3DED.exe:*:Disabled:DOOM 3 -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01D03306-3CEE-4630-B6F3-AA78638E9F2F}_is1" = VirtualCity
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 20
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{581CE7EA-A30D-0000-1211-088635773309}" = 2WIRE Wireless LAN - USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}" = 18 WoS Across America
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}" = Medal of Honor Allied Assault™ Breakthrough Patch v2.40
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"BFGC" = Big Fish Games Client
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"DXTXTRA" = Microsoft DirectX Transform optional components
"EAX Unified" = EAX Unified
"ERUNT_is1" = ERUNT 1.1j
"Fallout2" = Fallout2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}" = 18 WoS Across America
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"LimeWire" = LimeWire 5.5.8
"Mad Catz Andretti Wheel" = Mad Catz Andretti Wheel
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee Total Protection
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"S3" = UniChrome IGP Driver and Utilities
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2010 3:26:02 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2828 (0xb0c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSC\mscjsres.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(30)(0) 4(30)(0)

7200(20)(0) 7595(20)(0) 7005(20)(0) 7004(20)(0) 5006(20)(0) 5004(20)(0)

Error - 7/8/2010 3:28:09 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3336 (0xd08) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(60)(0) 4(60)(0) 7200(50)(0) 7595(50)(0) 7005(40)(0) 7004(40)(0) 5006(40)(0) 5004(40)(0)


Error - 7/8/2010 3:28:09 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4084 (0xff4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MPF\L10N.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(70)(0) 4(70)(0)

7200(60)(0) 7595(60)(0) 7005(60)(0) 7004(60)(0) 5006(60)(0) 5004(60)(0)

Error - 7/8/2010 3:30:21 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2480 (0x9b0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(30)(0) 4(30)(0) 7200(20)(0) 7595(20)(0) 7005(20)(0) 7004(20)(0) 5006(20)(0) 5004(20)(0)


Error - 7/8/2010 4:21:14 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2208 (0x8a0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(170)(0) 4(170)(0) 7200(40)(0) 7595(40)(0) 7005(40)(0) 7004(40)(0) 5006(40)(0)

5004(40)(0)

Error - 7/8/2010 4:21:14 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2740 (0xab4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSK\mskppv.dll

by c:\PROGRA~1\mcafee.com\agent\mcagent.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 7/8/2010 4:21:14 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 164 (0xa4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MPF\L10N.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 7/8/2010 4:24:39 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1620 (0x654) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(211)(0) 4(211)(0) 7200(81)(0) 7595(81)(0) 7005(81)(0) 7004(81)(0) 5006(81)(0)

5004(81)(0)

Error - 7/8/2010 4:26:50 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1004 (0x3ec) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(20)(0) 4(20)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 7/8/2010 4:29:05 AM | Computer Name = JONS | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 920 (0x398) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\Mcafee\SystemCore\mfeapfa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(50)(0) 4(50)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ System Events ]
Error - 7/13/2010 6:37:28 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 4
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 7/13/2010 6:38:05 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McShield service to connect.

Error - 7/13/2010 6:38:05 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7000
Description = The McShield service failed to start due to the following error: %%1053

Error - 7/13/2010 6:42:21 PM | Computer Name = JONS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 7/13/2010 6:45:19 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 7/13/2010 6:50:33 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 2
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 7/13/2010 6:55:59 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 3
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 7/13/2010 7:00:52 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 4
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 7/13/2010 7:03:05 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 5
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 7/13/2010 7:05:13 PM | Computer Name = JONS | Source = Service Control Manager | ID = 7034
Description = The McShield service terminated unexpectedly. It has done this 6
time(s).


< End of report >


Thanks everyone, I hope this can all get fixed up.
  • 0

#4
RKinner
    Malware Expert
  • Expert
  • 23,729 posts
  • MVP
Uninstall:
Daemon Tools Lite and Daemon Tools Toolbar
LimeWire
uTorrent


Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\System32\Internet\browser.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\System32\Internet\browser.exe File not found
O4 - HKCU..\Run: [win2dkdes] C:\Documents and Settings\user619\Application Data\win2dkdes\win2dkdes.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\Internet\browser.exe File not found
O21 - SSODL: DirectMusicScript - {55f243ff-7bcd-40ab-8003-448a46ec3584} - CLSID or File not found.
O30 - LSA: Authentication Packages - (effgef.dll) - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

:Files
C:\WINDOWS\system32\DRIVERS\dxdwvebr.sys
C:\Documents and Settings\user619\Application Data\win2dkdes
C:\WINDOWS\system32\Internet

:Commands
[purity]
[emptytemp]
[Reboot]
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Ron
  • 0
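The fix script above, and the firewall section of the OTL log in post #3, come down to a handful of checks that a malware helper applies by eye: Run values whose target is gone, an LSA Authentication Packages entry (effgef.dll) that is not the Windows default, a NetSvcs member with no DLL behind it, BHO/SSODL hooks whose CLSID cannot be resolved, a driver registration with no binary, and firewall exceptions for executables living under a Temp directory. The script below is an added example written for this page; it is not code from this thread, from OTL or from ComboFix. It turns those judgement calls into explicit rules and runs them over sample lines copied from the logs posted in this thread. The severity levels, the category names and the Temp-directory rule for firewall exceptions are this example's own assumptions, not OTL's.

```python
"""Rule-based triage of OTL autostart lines and Windows Firewall policy dumps.

Added example for this thread, not code from the thread, OTL or ComboFix.
Severities and category names are this example's own conventions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

MISSING = "File not found"   # OTL's marker for an autostart target that is not on disk

# Default LSA authentication package on Windows XP/2003. Anything else in that
# value is loaded into lsass.exe at boot, so a non-default name is always worth a look.
DEFAULT_LSA_PACKAGES = {"msv1_0"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    category: str
    detail: str


RE_LSA = re.compile(r"^O30 - LSA: Authentication Packages - \((?P<pkgs>[^)]*)\)")
RE_AUTORUN = re.compile(r"^O[47] - ")          # O4 = Run keys, O7 = Policies\Explorer\Run
RE_SHELL_HOOK = re.compile(r"^O(?:2|21) - ")   # O2 = BHO, O21 = ShellServiceObjectDelayLoad
RE_FW_APP = re.compile(r'^"(?P<path>[^"]+)" = .*?:\*:(?P<state>Enabled|Disabled):')
RE_FW_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0$')
RE_SC_OFF = re.compile(r'^"DisableMonitoring"\s*=\s*(?:1|dword:0*1)$')


def classify(line: str) -> Optional[Finding]:
    """Map one log line to a Finding, or None when the rules see nothing wrong."""
    line = line.strip()
    m = RE_LSA.match(line)
    if m:
        pkgs = {p.strip().lower() for p in m["pkgs"].split(",") if p.strip()}
        pkgs = {p[:-4] if p.endswith(".dll") else p for p in pkgs}
        extra = sorted(pkgs - DEFAULT_LSA_PACKAGES)
        if extra:
            return Finding("high", "lsa-auth-package", "non-default LSA package(s): " + ", ".join(extra))
        return None
    if line.startswith("NetSvcs:") and line.endswith(MISSING):
        return Finding("high", "netsvcs-orphan", line)        # svchost group member with no DLL
    if RE_AUTORUN.match(line) and line.endswith(MISSING):
        return Finding("medium", "autorun-orphan", line)      # Run value pointing at a removed file
    if RE_SHELL_HOOK.match(line) and ("No CLSID value found" in line or "CLSID or File not found" in line):
        return Finding("medium", "shell-hook-orphan", line)   # BHO/SSODL with unresolvable CLSID
    if line.startswith(("DRV - " + MISSING, "SRV - " + MISSING)):
        return Finding("medium", "service-orphan", line)      # driver/service registration without a binary
    if RE_FW_OFF.match(line):
        return Finding("info", "windows-firewall-off", "EnableFirewall = 0 (expected only if a third-party firewall is installed)")
    if RE_SC_OFF.match(line):
        return Finding("info", "security-center-monitoring-off", "DisableMonitoring = 1 (usually set by a third-party AV/firewall; confirm it is really running)")
    m = RE_FW_APP.match(line)
    if m and m["state"] == "Enabled":
        if "\\temp\\" in m["path"].lower():
            return Finding("high", "firewall-exception-temp", m["path"])   # inbound allowed for a Temp-dir binary
        if line.endswith(MISSING):
            return Finding("info", "firewall-exception-orphan", m["path"])
    return None


def triage(log_text: str) -> Dict[str, List[Finding]]:
    """Run classify() over every line and bucket the findings by severity."""
    buckets: Dict[str, List[Finding]] = {"high": [], "medium": [], "info": []}
    for line in log_text.splitlines():
        finding = classify(line)
        if finding is not None:
            buckets[finding.severity].append(finding)
    return buckets


# Constructed sample: lines copied from the OTL log and fix script in this thread,
# one per rule, plus two benign lines (SystemTray, Firefox) that must pass untouched.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\System32\Internet\browser.exe File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [win2dkdes] C:\Documents and Settings\user619\Application Data\win2dkdes\win2dkdes.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\Internet\browser.exe File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O21 - SSODL: DirectMusicScript - {55f243ff-7bcd-40ab-8003-448a46ec3584} - CLSID or File not found.
O30 - LSA: Authentication Packages - (effgef.dll) - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
"EnableFirewall" = 0
"DisableMonitoring" = 1
"C:\Documents and Settings\user619\Local Settings\Temp\IXP000.TMP\Ashampoo AntiSpyWare 2.02 (Updatable)+Key-HeartBug.exe" = C:\Documents and Settings\user619\Local Settings\Temp\IXP000.TMP\Ashampoo AntiSpyWare 2.02 (Updatable)+Key-HeartBug.exe:*:Enabled:C:\DOCUME~1\user619\LOCALS~1\Temp\IXP000.TMP\Ashampoo AntiSpyWare 2.02 (Updatable)+Key-HeartBug.exe -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"""

if __name__ == "__main__":
    for severity, findings in triage(SAMPLE_LOG).items():
        for f in findings:
            print(f"[{severity:6}] {f.category}: {f.detail}")
```

triage() returns a worklist, not a verdict: on the sample it flags the LSA package, the NetSvcs entry and the Temp-directory firewall exception as high, the six orphaned autostart/hook/driver entries as medium, and leaves the SystemTray and Firefox lines alone even though the fix script above also removes the SystemTray value, which is exactly where a helper's judgement still has to come in. The two info items (EnableFirewall = 0 and DisableMonitoring = 1) are normal when a third-party suite such as McAfee owns the firewall and Security Center reporting; they only matter if that suite is not actually running, which is what the ComboFix header in the next post shows for this machine.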

#5
Kemperz
    New Member
  • Topic Starter
  • Member
  • 5 posts
Hey, I uninstalled LimeWire, Daemon Tools and the toolbar, and uninstalled uTorrent, followed all of your instructions, and these are the logs from OTL and ComboFix. Thanks for your replies, and just let me know if there is more action needed.

OTL log:

All processes killed
========== OTL ==========
Error: No service named ALCXWDM) Service for Realtek AC97 Audio (WDM was found to stop!
Service\Driver key ALCXWDM) Service for Realtek AC97 Audio (WDM not found.
File C:\WINDOWS\System32\drivers\ALCXWDM.SYS not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SystemTray deleted successfully.
C:\WINDOWS\system32\systray.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\win2dkdes deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DirectMusicScript deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55f243ff-7bcd-40ab-8003-448a46ec3584}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:effgef.dll deleted successfully.
HidServ removed from NetSvcs value successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
========== FILES ==========
File\Folder C:\WINDOWS\system32\DRIVERS\dxdwvebr.sys not found.
C:\Documents and Settings\user619\Application Data\win2dkdes folder moved successfully.
C:\WINDOWS\system32\Internet folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest

User: Guest.JONS
->Temp folder emptied: 33677 bytes
->Temporary Internet Files folder emptied: 250850 bytes
->FireFox cache emptied: 89069197 bytes
->Flash cache emptied: 37025 bytes

User: HelpAssistant

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65988 bytes
->Flash cache emptied: 567 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35019 bytes

User: SUPPORT_388945a0

User: user619
->Temp folder emptied: 53819148 bytes
->Temporary Internet Files folder emptied: 43392913 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35937317 bytes
->Flash cache emptied: 8420 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 716316 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39175968 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 253.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07142010_221306

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Combofix log:

ComboFix 10-07-14.02 - user619 07/14/2010 22:37:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.102 [GMT -7:00]
Running from: c:\documents and settings\user619\Desktop\George.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user619\Application Data\bcrypt.html

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-15 01:13 . 2010-07-15 01:13 -------- d-----w- C:\_OTL
2010-07-10 09:35 . 2010-07-10 09:35 -------- d-----w- c:\program files\EA GAMES
2010-07-10 08:08 . 2010-07-10 08:09 -------- d-----w- c:\program files\ERUNT
2010-07-09 09:02 . 2010-07-09 09:02 -------- d-----w- c:\documents and settings\user619\Application Data\DivX
2010-07-07 08:03 . 2010-07-07 08:03 52736 ----a-w- c:\windows\ipuninst.exe
2010-07-07 08:00 . 2010-07-07 08:05 -------- d-----w- c:\program files\Fallout2
2010-07-06 08:34 . 2010-07-06 08:34 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-06 08:33 . 2010-07-06 08:31 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-06 08:33 . 2010-07-06 08:30 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-06 08:33 . 2010-07-06 08:33 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-05 06:16 . 2010-07-05 06:16 -------- d-----w- c:\documents and settings\user619\Application Data\Merscom
2010-07-05 06:16 . 2010-07-05 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-07-05 06:11 . 2010-07-05 06:11 -------- d-----w- c:\windows\Empire Builder - Ancient Egypt
2010-07-05 02:38 . 2010-07-05 02:38 -------- d-----w- c:\program files\VirtualCity
2010-07-02 05:27 . 2010-07-05 02:50 -------- d-----w- c:\documents and settings\user619\Application Data\Virtual City
2010-06-20 11:16 . 2010-06-20 11:16 -------- d-----w- c:\documents and settings\user619\Application Data\Malwarebytes
2010-06-20 11:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 11:13 . 2010-06-20 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-20 11:13 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 11:13 . 2010-06-20 11:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 01:04 . 2009-07-07 18:00 -------- d-----w- c:\program files\uTorrent
2010-07-15 01:04 . 2009-07-07 18:00 -------- d-----w- c:\documents and settings\user619\Application Data\uTorrent
2010-07-10 10:13 . 2009-06-24 09:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 08:35 . 2010-05-28 20:33 -------- d-----w- c:\program files\McAfee
2010-07-06 08:33 . 2010-07-06 08:31 -------- d-----w- c:\program files\DivX
2010-07-06 08:33 . 2010-07-06 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-06 08:33 . 2010-07-06 08:33 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-06 08:33 . 2010-07-06 08:33 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-06 08:32 . 2010-07-06 08:32 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-06 08:32 . 2010-07-06 08:32 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-06 08:32 . 2010-07-06 08:32 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-07-04 12:23 . 2009-07-17 20:45 -------- d-----w- c:\documents and settings\user619\Application Data\LimeWire
2010-06-26 07:46 . 2009-07-08 00:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-23 08:59 . 2009-07-19 01:36 -------- d-----w- c:\program files\18 WoS Across America
2010-06-21 06:08 . 2009-08-19 21:11 -------- d-----w- c:\program files\DFX
2010-06-14 14:31 . 2009-06-24 09:18 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-01 03:32 . 2010-05-28 20:34 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-05-28 20:34 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-05-28 20:34 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-05-28 20:34 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-05-28 20:34 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-05-28 20:34 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-05-28 20:34 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-05-28 20:34 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-01 03:32 . 2010-04-14 19:50 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-04-14 19:50 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-05-29 00:14 . 2010-05-29 00:14 503808 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b5db105-n\msvcp71.dll
2010-05-29 00:14 . 2010-05-29 00:14 61440 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ca9cc4d-n\decora-sse.dll
2010-05-29 00:14 . 2010-05-29 00:14 499712 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b5db105-n\jmc.dll
2010-05-29 00:14 . 2010-05-29 00:14 12800 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ca9cc4d-n\decora-d3d.dll
2010-05-29 00:14 . 2010-05-29 00:14 348160 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b5db105-n\msvcr71.dll
2010-05-28 23:36 . 2010-05-28 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-28 20:41 . 2010-05-28 20:41 -------- d-----w- c:\program files\SiteAdvisor
2010-05-28 20:41 . 2010-05-28 20:41 -------- d-----w- c:\program files\McAfeeMOBK
2010-05-28 20:38 . 2010-05-28 20:38 -------- d-----w- c:\program files\McAfee Online Backup
2010-05-28 20:35 . 2010-05-28 20:34 -------- d-----w- c:\program files\Common Files\Mcafee
2010-05-28 20:34 . 2010-05-28 20:34 -------- d-----w- c:\program files\McAfee.com
2010-05-05 03:52 . 2010-05-05 03:52 503808 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-140ba891-n\msvcp71.dll
2010-05-05 03:52 . 2010-05-05 03:52 499712 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-140ba891-n\jmc.dll
2010-05-05 03:52 . 2010-05-05 03:52 348160 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-140ba891-n\msvcr71.dll
2010-05-05 03:52 . 2010-05-05 03:52 61440 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-695db267-n\decora-sse.dll
2010-05-05 03:52 . 2010-05-05 03:52 12800 ----a-w- c:\documents and settings\user619\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-695db267-n\decora-d3d.dll
2010-05-04 17:20 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-06-01 03:32 . 2010-05-28 20:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-07-12 08:33 1581056 ----a-w- c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/28/2010 1:34 PM 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [5/28/2010 1:39 PM 54776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/20/2010 4:14 AM 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/28/2010 1:34 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/28/2010 1:34 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/28/2010 1:34 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [5/28/2010 1:35 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [5/28/2010 1:34 PM 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/28/2010 1:34 PM 55456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/20/2010 4:13 AM 20952]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/28/2010 1:34 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/28/2010 1:34 PM 88480]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [5/5/2010 10:14 PM 406016]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/28/2010 1:34 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/28/2010 1:34 PM 83496]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/7/2009 11:39 AM 721904]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user619\Application Data\Mozilla\Firefox\Profiles\yglnaegd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Mad Catz Andretti Wheel - c:\program files\Mad Catz



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 22:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-14 22:46:00
ComboFix-quarantined-files.txt 2010-07-15 05:45

Pre-Run: 18,674,315,264 bytes free
Post-Run: 18,640,670,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 38B5FB4FC3187525FAD1EDF25CE99C08
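As an added example (not part of the thread, and not ComboFix's own code), a short Python check that reads the 'Reg Loading Points' section of a log like the one above and flags the settings an analyst looks at first: Security Center monitoring switched off for the installed products, the Windows Firewall standard profile disabled, and Run entries that use a bare file name rather than a full path. The sample excerpt is copied from the log posted above.

```python
# Added example for this thread (not ComboFix's own code): flag weakened-defence settings.
import re
from typing import Dict, List, Optional
# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = """
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 53248]
"mcui_exe"="c:\\program files\\McAfee.com\\Agent\\mcagent.exe" [2010-06-25 1193848]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
KEY_RE = re.compile(r'^\[(.+)\]$')              # [HKEY_...\Sub\Key]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value

def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: raw value text}} in log order."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys.setdefault(current, {})
        elif (m := VAL_RE.match(line)) and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys

def as_int(raw: str) -> Optional[int]:
    """Decode the 'dword:00000001' and '0 (0x0)' value forms; None for strings."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+)\b', raw)
    return int(m.group(1)) if m else None

def find_findings(text: str) -> List[str]:
    findings: List[str] = []
    for key, values in parse_reg_points(text).items():
        k = key.lower()
        product = key.rsplit("\\", 1)[-1]  # last path element, e.g. McAfeeAntiVirus
        if "security center\\monitoring\\" in k and as_int(values.get("DisableMonitoring", "")) == 1:
            findings.append(f"Security Center monitoring disabled for {product}")
        elif k.endswith("firewallpolicy\\standardprofile") and as_int(values.get("EnableFirewall", "")) == 0:
            findings.append("Windows Firewall disabled (standard profile)")
        elif k.endswith("\\currentversion\\run"):
            for name, raw in values.items():
                path = raw.split('"')[1] if raw.startswith('"') else raw
                if "\\" not in path:  # bare file name: located by PATH search, so worth verifying
                    findings.append(f"Run entry '{name}' uses unqualified path {path}")
    return findings
```

A bare-name Run entry such as VTTimer.exe is not proof of anything; it is a prompt to confirm which file on disk actually gets launched.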

#6
RKinner

    Malware Expert

  • Expert
  • 23,729 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\sptd.sys

Driver::
sptd



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Could you run gmer again just as before and post the new log?

Are you able to start your anti-virus now? Is it a trial or a paid up subscription?

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.


Ron