1. Cannnot download program files, 0 bytes(i.e. OpenDNSAutoUpdater, OTL, IE8, mirc714, Java,wlsetup including exehelper & rkill.<br />2. MBam & olderversion of OTL scans included.<br />3. File Hippo shows updates for Windows Live messenger & IE8 (not installed to my knowledge). Google updates shows as active but not installed.<br /><br />Since things were funky I ran ALL the scans availble on the machine and came up clean; since I couldn't dl the latest copy of OTL I ran an older one I had and have posted logs. I recently changed from Avast to MSSEssentials and it occurs to me that may be involved. On the other hand, hanging around here shows me what little I do know. There are a few other issues which may be pertinent:<br />a. I removed a couple of programs that I had reservations about.<br />b. If I go to control panel/system/user profiles I get<br />administrator<br />guest<br />my dell<br />my dell_2<br />the my dell_2 seems to create itself and be hidden<br />If I go to control panel/userprofiles it does not show.<br /><br />I have original disks and update frequently and take my security seriously but am a novice of long standing. Any direction toward clarifying the problem is appreciated.<br />Malwarebytes' Anti-Malware 1.46<br />www.malwarebytes.org<br /><br />Database version: 4891<br /><br />Windows 5.1.2600 Service Pack 3<br />Internet Explorer 7.0.5730.11<br /><br />10/20/2010 6:38:27 AM<br />mbam-log-2010-10-20 (06-38-27).txt<br /><br />Scan type: Quick scan<br />Objects scanned: 158806<br />Time elapsed: 18 minute(s), 23 second(s)<br /><br />Memory Processes Infected: 0<br />Memory Modules Infected: 0<br />Registry Keys Infected: 0<br />Registry Values Infected: 0<br />Registry Data Items Infected: 0<br />Folders Infected: 0<br />Files Infected: 0<br /><br />Memory Processes Infected:<br />(No malicious items detected)<br /><br />Memory Modules Infected:<br />(No malicious items detected)<br /><br />Registry Keys Infected:<br />(No malicious items detected)<br /><br />Registry Values Infected:<br />(No malicious items detected)<br /><br />Registry Data Items Infected:<br />(No malicious items detected)<br /><br />Folders Infected:<br />(No malicious items detected)<br /><br />Files Infected:<br />(No malicious items detected)<br /><br /><br />OTL logfile created on: 10/20/2010 6:44:10 AM - Run 6<br />OTL by OldTimer - Version 3.1.3.3 Folder = D:\Geeks<br />Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation<br />Internet Explorer (Version = 7.0.5730.11)<br />Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy<br /> <br />1023.43 Mb Total Physical Memory | 572.16 Mb Available Physical Memory | 55.91% Memory free<br />1.65 Gb Paging File | 1.13 Gb Available in Paging File | 68.57% Paging File free<br />Paging file location(s): C:\pagefile.sys 768 1536 [binary data]<br /> <br />%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files<br />Drive C: | 27.94 Gb Total Space | 5.37 Gb Free Space | 19.23% Space Free | Partition Type: NTFS<br />Drive D: | 3.74 Gb Total Space | 2.48 Gb Free Space | 66.42% Space Free | Partition Type: FAT32<br />E: Drive not present or media not loaded<br />F: Drive not present or media not loaded<br />G: Drive not present or media not loaded<br />H: Drive not present or media not loaded<br />I: Drive not present or media not loaded<br /> <br />Computer Name: SQUARE-DEAL<br />Current User Name: My Dell<br />Logged in as Administrator.<br /> <br />Current Boot Mode: Normal<br />Scan Mode: Current user<br />Company Name Whitelist: On<br />Skip Microsoft Files: On<br />File Age = 14 Days<br />Output = Standard<br />Quick Scan<br /> <br /><font color="#E56717">========== Processes (SafeList) ==========</font><br /> <br />PRC - [2010/10/01 14:58:07 | 02,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE<br />PRC - [2010/09/29 10:01:16 | 02,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe<br />PRC - [2010/09/29 10:00:54 | 01,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe<br />PRC - [2010/09/15 04:34:02 | 01,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe<br />PRC - [2010/05/20 17:19:16 | 00,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe<br />PRC - [2010/03/25 21:40:44 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe<br />PRC - [2010/03/25 21:40:42 | 00,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe<br />PRC - [2010/02/19 17:00:24 | 00,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe<br />PRC - [2009/11/05 05:22:18 | 00,528,384 | ---- | M] (OldTimer Tools) -- D:\Geeks\OTL.exe<br />PRC - [2009/03/26 16:21:03 | 00,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe<br />PRC - [2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe<br />PRC - [2008/04/13 19:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe<br />PRC - [2008/04/13 19:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe<br />PRC - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe<br />PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe<br />PRC - [2006/03/02 20:49:14 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe<br />PRC - [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe<br />PRC - [2004/02/05 16:07:24 | 00,495,616 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe<br />PRC - [2003/08/29 20:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe<br />PRC - [2003/08/29 12:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe<br />PRC - [2003/08/12 22:25:24 | 00,319,488 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe<br />PRC - [2003/08/12 21:10:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe<br />PRC - [2003/07/16 11:41:47 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe<br />PRC - [2003/02/24 15:35:12 | 00,163,840 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe<br />PRC - [2002/01/16 23:49:00 | 00,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\MMKeybd.exe<br />PRC - [2002/01/16 23:49:00 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe<br />PRC - [2001/11/14 03:03:12 | 00,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe<br /> <br /> <br /><font color="#E56717">========== Modules (SafeList) ==========</font><br /> <br />MOD - [2010/09/29 10:02:42 | 00,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll<br />MOD - [2010/08/23 11:12:02 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll<br />MOD - [2009/11/05 05:22:18 | 00,528,384 | ---- | M] (OldTimer Tools) -- D:\Geeks\OTL.exe<br />MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll<br />MOD - [2004/02/05 16:07:42 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll<br /> <br /> <br /><font color="#E56717">========== Win32 Services (SafeList) ==========</font><br /> <br />SRV - [2010/09/29 10:00:54 | 01,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)<br />SRV - [2010/08/20 07:42:49 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)<br />SRV - [2010/05/20 17:19:16 | 00,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)<br />SRV - [2010/03/25 21:40:44 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)<br />SRV - [2010/02/19 17:00:24 | 00,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)<br />SRV - [2009/01/30 17:46:12 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)<br />SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)<br />SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)<br />SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)<br />SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)<br />SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)<br />SRV - [2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP)<br />SRV - [2008/04/13 19:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)<br />SRV - [2008/04/13 19:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)<br />SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)<br />SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)<br />SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)<br />SRV - [2008/04/13 19:11:55 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iprip.dll -- (Iprip)<br />SRV - [2006/03/02 20:49:14 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)<br />SRV - [2003/08/12 22:25:24 | 00,319,488 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)<br />SRV - [2003/07/16 11:41:47 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)<br />SRV - [2002/01/16 23:49:00 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)<br /> <br /> <br /><font color="#E56717">========== Standard Registry (SafeList) ==========</font><br /> <br /> <br /><font color="#E56717">========== Internet Explorer ==========</font><br /> <br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href='http://go.microsoft.com/fwlink/?LinkId=69157' class='bbc_url' title='External link' rel='nofollow external'>
http://go.microsoft....Id=69157</a><br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href='http://go.microsoft.com/fwlink/?LinkId=54896' class='bbc_url' title='External link' rel='nofollow external'>
http://go.microsoft....Id=54896</a><br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]<br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons<br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm<br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = <a href='http://go.microsoft.com/fwlink/?LinkId=54896' class='bbc_url' title='External link' rel='nofollow external'>
http://go.microsoft....Id=54896</a><br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk<br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <a href='http://go.microsoft.com/fwlink/?LinkId=69157' class='bbc_url' title='External link' rel='nofollow external'>
http://go.microsoft....Id=69157</a><br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = <a href='http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm' class='bbc_url' title='External link' rel='nofollow external'>
http://ie.search.msn...cust.htm</a><br />IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = <a href='http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm' class='bbc_url' title='External link' rel='nofollow external'>
http://ie.search.msn...asst.htm</a><br /> <br />IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm<br />IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1<br />IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = <a href='http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch' class='bbc_url' title='External link' rel='nofollow external'>
http://www.microsoft...iesearch</a><br />IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank<br />IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0<br /> <br /><font color="#E56717">========== FireFox ==========</font><br /> <br />FF - prefs.js..browser.search.defaultenginename: "Secure Search"<br />FF - prefs.js..browser.search.useDBForOrder: true<br />FF - prefs.js..browser.startup.homepage: "
http://www.bing.com"<br />FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2<br />FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3<br />FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0<br />FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5<br />FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2<br />FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11<br />FF - prefs.js..keyword.URL: "
http://search.yahoo....&p="<br />FF - prefs.js..network.proxy.autoconfig_url: "
http://192.168.1.254/"<br />FF - prefs.js..network.proxy.type: 2<br /> <br />FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:33:32 | 00,000,000 | ---D | M]<br />FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/13 07:51:39 | 00,000,000 | ---D | M]<br />FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 05:10:19 | 00,000,000 | ---D | M]<br />FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 05:10:19 | 00,000,000 | ---D | M]<br />FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/11 04:22:40 | 00,000,000 | ---D | M]<br />FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins<br /> <br />[2009/12/10 05:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Extensions<br />[2009/12/10 05:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}<br />[2009/11/09 16:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}<br />[2010/10/18 06:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\extensions<br />[2010/06/12 20:37:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}<br />[2010/07/10 12:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}<br />[2010/10/18 06:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}<br />[2010/10/15 11:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}<br />[2010/08/18 03:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}<br />[2010/07/29 16:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}<br />[2009/06/14 15:44:19 | 00,002,164 | ---- | M] () -- C:\Documents and Settings\My Dell\Application Data\Mozilla\Firefox\Profiles\boxim06v.default\searchplugins\bing.xml<br />[2010/10/20 05:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions<br />[2010/10/20 05:10:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}<br />[2010/04/08 07:35:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}<br />[2010/10/20 05:09:48 | 00,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll<br />[2010/10/20 05:09:49 | 00,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll<br />[2010/07/17 14:38:47 | 00,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll<br />[2010/10/20 05:10:00 | 00,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll<br />[2010/08/24 18:19:19 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml<br />[2010/08/24 18:19:19 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml<br />[2010/08/24 18:19:19 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml<br />[2010/08/24 18:19:19 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml<br />[2010/08/24 18:19:19 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml<br />[2010/08/10 08:16:17 | 00,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml<br />[2010/08/24 18:19:19 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml<br />[2010/08/24 18:19:19 | 00,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml<br /> <br />O1 HOSTS File: (620296 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS<br />O1 - Hosts: 127.0.0.1 localhost<br />O1 - Hosts: 127.0.0.1 fr.a2dfp.net<br />O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net<br />O1 - Hosts: 127.0.0.1 ad.a8.net<br />O1 - Hosts: 127.0.0.1 asy.a8ww.net<br />O1 - Hosts: 127.0.0.1 abcstats.com<br />O1 - Hosts: 127.0.0.1 a.abv.bg<br />O1 - Hosts: 127.0.0.1 adserver.abv.bg<br />O1 - Hosts: 127.0.0.1 adv.abv.bg<br />O1 - Hosts: 127.0.0.1 bimg.abv.bg<br />O1 - Hosts: 127.0.0.1 ca.abv.bg<br />O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua<br />O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com<br />O1 - Hosts: 127.0.0.1 accuserveadsystem.com<br />O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com<br />O1 - Hosts: 127.0.0.1 achmedia.com<br />O1 - Hosts: 127.0.0.1 aconti.net<br />O1 - Hosts: 127.0.0.1 secure.aconti.net<br />O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]<br />O1 - Hosts: 127.0.0.1 ads.active.com<br />O1 - Hosts: 127.0.0.1 am1.activemeter.com<br />O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]<br />O1 - Hosts: 127.0.0.1 ads.activepower.net<br />O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]<br />O1 - Hosts: 127.0.0.1 ad2games.com<br />O1 - Hosts: 16355 more lines...<br />O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()<br />O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found<br />O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)<br />O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)<br />O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)<br />O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)<br />O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)<br />O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)<br />O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)<br />O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)<br />O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()<br />O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)<br />O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)<br />O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)<br />O4 - HKCU..\Run: [gStart] C:\Program Files\Garmin\gStart.exe File not found<br />O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)<br />O4 - Startup: C:\Documents and Settings\My Dell\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()<br />O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present<br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1<br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863<br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323<br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0<br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0<br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = <br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = <br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1<br />O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1<br />O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<br />O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present<br />O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323<br />O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863<br />O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0<br />O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0<br />O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)<br />O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)<br />O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)<br />O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.<br />O15 - HKCU\..Trusted Domains: comodo.com ([www] https in Trusted sites)<br />O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)<br />O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)<br />O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)<br />O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)<br />O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)<br />O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)<br />O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)<br />O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)<br />O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)<br />O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.<br />O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <a href='http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab' class='bbc_url' title='External link' rel='nofollow external'>
http://download.micr.../OGAControl.cab</a> (Office Genuine Advantage Validation Tool)<br />O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <a href='http://office.microsoft.com/officeupdate/content/opuc3.cab' class='bbc_url' title='External link' rel='nofollow external'>
http://office.micros...t/opuc3.cab</a> (Office Update Installation Engine)<br />O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} <a href='http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab' class='bbc_url' title='External link' rel='nofollow external'>
http://h20264.www2.h...icsxp2k.cab</a> (Reg Error: Key error.)<br />O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} <a href='http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1081087971508' class='bbc_url' title='External link' rel='nofollow external'>
http://update.micros...81087971508</a> (WUWebControl Class)<br />O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <a href='http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156199503915' class='bbc_url' title='External link' rel='nofollow external'>
http://update.micros...56199503915</a> (MUWebControl Class)<br />O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <a href='http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab' class='bbc_url' title='External link' rel='nofollow external'>
http://fpdownload.ma...trashim.cab</a> (Reg Error: Key error.)<br />O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <a href='http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab' class='bbc_url' title='External link' rel='nofollow external'>
http://platformdl.ad.../1.6/gp.cab</a> (Reg Error: Key error.)<br />O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.227.16.62 137.118.1.32<br />O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)<br />O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)<br />O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)<br />O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)<br />O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)<br />O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)<br />O18 - Protocol\Handler\ipp - No CLSID value found<br />O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)<br />O18 - Protocol\Handler\msdaipp - No CLSID value found<br />O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)<br />O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)<br />O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)<br />O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)<br />O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)<br />O24 - Desktop Components:0 (My Current Home Page) - About:Home<br />O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)<br />O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()<br />O31 - SafeBoot: AlternateShell - cmd.exe<br />O32 - HKLM CDRom: AutoRun - 1<br />O32 - AutoRun File - [2002/08/23 05:39:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]<br />O34 - HKLM BootExecute: (autocheck) - File not found<br />O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)<br />O34 - HKLM BootExecute: (*) - File not found<br />O35 - comfile [open] -- "%1" %* File not found<br />O35 - exefile [open] -- "%1" %* File not found<br /> <br /><font color="#E56717">========== Files/Folders - Created Within 14 Days ==========</font><br /> <br />[2010/10/17 09:34:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dell\Application Data\Foxit Software<br />[2010/10/16 11:52:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dell\Desktop\1016logs<br />[2010/10/15 12:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\My Dell\Desktop\gmer<br />[2010/10/15 12:42:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF<br />[2010/10/15 11:30:36 | 00,000,000 | ---D | C] -- C:\Program Files\PhotoScape<br />[1 C:\Documents and Settings\My Dell\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\My Dell\Local Settings\Application Data\*.tmp -> ]<br /> <br /><font color="#E56717">========== Files - Modified Within 14 Days ==========</font><br /> <br />[2010/10/20 05:54:00 | 00,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job<br />[2010/10/20 04:54:01 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job<br />[2010/10/20 04:13:34 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job<br />[2010/10/20 04:07:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl<br />[2010/10/20 04:06:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT<br />[2010/10/20 04:05:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat<br />[2010/10/20 04:05:40 | 10,732,13440 | -HS- | M] () -- C:\hiberfil.sys<br />[2010/10/20 04:02:56 | 06,819,840 | ---- | M] () -- C:\Documents and Settings\My Dell\ntuser.dat<br />[2010/10/16 10:56:54 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\My Dell\ntuser.ini<br />[2010/10/16 10:56:51 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\My Dell\Local Settings\Application Data\IconCache.db<br />[2010/10/15 17:08:59 | 00,000,311 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI<br />[2010/10/15 17:08:56 | 00,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI<br />[2010/10/15 17:03:47 | 00,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT<br />[2010/10/15 13:37:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK<br />[2010/10/15 12:09:28 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk<br />[2010/10/15 08:44:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini<br />[2010/10/15 05:50:25 | 00,010,180 | ---- | M] () -- C:\Documents and Settings\My Dell\Desktop\GTG_removalGuide.rtf<br />[2010/10/14 06:51:11 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat<br />[2010/10/08 09:38:11 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 4200 series#1156527236.job<br />[2010/10/08 06:28:19 | 00,567,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI<br />[2010/10/08 06:28:19 | 00,492,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat<br />[2010/10/08 06:28:19 | 00,084,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat<br />[1 C:\Documents and Settings\My Dell\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\My Dell\Local Settings\Application Data\*.tmp -> ]<br /> <br /><font color="#E56717">========== Files Created - No Company Name ==========</font><br /> <br />[2010/10/16 10:59:05 | 10,732,13440 | -HS- | C] () -- C:\hiberfil.sys<br />[2010/10/15 05:50:24 | 00,010,180 | ---- | C] () -- C:\Documents and Settings\My Dell\Desktop\GTG_removalGuide.rtf<br />[2010/10/12 07:59:01 | 06,819,840 | ---- | C] () -- C:\Documents and Settings\My Dell\ntuser.dat<br />[2010/09/10 08:37:36 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\My Dell\Local Settings\Application Data\PUTTY.RND<br />[2010/07/15 13:38:38 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll<br />[2010/06/07 13:12:46 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll<br />[2009/12/20 20:42:18 | 00,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini<br />[2009/12/07 08:41:38 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini<br />[2009/12/07 08:41:37 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini<br />[2009/12/07 08:41:35 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini<br />[2009/12/07 07:09:22 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI<br />[2009/10/23 08:22:39 | 00,000,639 | ---- | C] () -- C:\WINDOWS\QEFamily.INI<br />[2009/08/31 10:05:16 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll<br />[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll<br />[2009/07/29 07:45:59 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini<br />[2009/06/27 16:22:18 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\My Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini<br />[2008/01/31 10:59:21 | 00,000,032 | ---- | C] () -- C:\WINDOWS\render.ini<br />[2006/12/01 15:19:15 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini<br />[2006/08/26 08:49:03 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\My Dell\Local Settings\Application Data\fusioncache.dat<br />[2006/08/25 12:51:55 | 00,005,629 | ---- | C] () -- C:\Documents and Settings\My Dell\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log<br />[2006/08/25 12:51:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini<br />[2006/08/22 09:57:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI<br />[2006/08/22 09:03:48 | 00,005,470 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log<br />[2006/08/21 14:36:17 | 00,001,035 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini<br />[2006/08/21 13:56:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI<br />[2006/08/21 13:47:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI<br />[2006/08/19 15:01:35 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll<br />[2006/08/19 14:43:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll<br />[2006/08/19 14:39:18 | 00,000,311 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI<br />[2006/08/19 14:39:18 | 00,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI<br />[2006/08/19 14:39:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI<br />[2006/08/18 11:48:19 | 00,094,312 | ---- | C] () -- C:\Documents and Settings\My Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT<br />[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont<br />[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont<br />[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont<br />[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont<br />[2004/04/03 01:24:06 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll<br />[2003/07/16 11:45:02 | 00,000,648 | ---- | C] () -- C:\WINDOWS\win.ini<br />[2003/07/16 11:41:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini<br />[2002/08/23 06:51:18 | 03,712,656 | -H-- | C] () -- C:\Documents and Settings\My Dell\Local Settings\Application Data\IconCache.db<br />[2002/08/23 05:52:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\My Dell\Application Data\desktop.ini<br />[2002/08/22 22:24:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini<br />[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL<br />[1998/01/12 03:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL<br />[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys<br /> <br /><font color="#E56717">========== LOP Check ==========</font><br /> <br />[2010/08/27 13:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN<br />[2007/12/02 19:14:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier<br />[2010/10/15 04:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP<br />[2010/03/25 18:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Auslogics<br />[2009/11/09 16:02:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\CoreFTP<br />[2006/08/19 16:05:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Dell<br />[2010/10/17 09:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Foxit Software<br />[2009/10/22 22:12:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\FTPGenius<br />[2010/08/28 07:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\GARMIN<br />[2010/09/15 15:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\ImgBurn<br />[2009/01/20 14:05:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Leadertech<br />[2009/11/05 13:48:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\OfficeUpdate12<br />[2010/08/26 18:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\PhotoScape<br />[2009/11/04 16:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Pmcc<br />[2010/08/22 12:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\PrimoPDF<br />[2007/04/21 12:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Smith Micro<br />[2009/12/10 05:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Thunderbird<br />[2010/02/13 08:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\My Dell\Application Data\Uniblue<br />[2003/07/16 11:31:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini<br />[2010/10/20 04:13:34 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job<br />[2010/10/20 04:06:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT<br /> <br /><font color="#E56717">========== Purity Check ==========</font><br /> <br /> <br /> <br /><font color="#E56717">========== Custom Scans ==========</font><br /> <br /> <br /><font color="#A23BEC">< %SYSTEMDRIVE%\inetserver.exe\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\java\trustlib\*.* ></font><br /> <br /><font color="#A23BEC">< %ProgramFiles%\Common Files\designer\*.exe ></font><br /> <br /><font color="#A23BEC">< %ProgramFiles%\*. ></font><br />[2009/11/09 16:01:55 | 00,000,000 | ---D | M] -- C:\Program Files\3Com<br />[2010/01/21 11:50:56 | 00,000,000 | ---D | M] -- C:\Program Files\7-Zip<br />[2010/09/01 18:14:30 | 00,000,000 | ---D | M] -- C:\Program Files\ACAD2000<br />[2010/08/20 07:48:27 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe<br />[2010/09/15 16:02:01 | 00,000,000 | ---D | M] -- C:\Program Files\Ahead<br />[2009/11/30 06:13:14 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software<br />[2006/08/19 15:02:07 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies<br />[2010/09/13 07:28:34 | 00,000,000 | ---D | M] -- C:\Program Files\Auslogics<br />[2010/01/31 08:48:18 | 00,000,000 | ---D | M] -- C:\Program Files\AzTools<br />[2010/08/20 07:53:55 | 00,000,000 | ---D | M] -- C:\Program Files\Canon<br />[2010/10/20 04:51:03 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files<br />[2010/06/24 01:37:30 | 00,000,000 | ---D | M] -- C:\Program Files\COMODO<br />[2009/11/09 16:01:54 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications<br />[2006/12/02 10:29:28 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT<br />[2009/12/30 13:50:57 | 00,000,000 | ---D | M] -- C:\Program Files\Create Family Trees<br />[2010/02/09 05:41:28 | 00,000,000 | ---D | M] -- C:\Program Files\Debugging Tools for Windows (x86)<br />[2009/11/05 13:49:01 | 00,000,000 | ---D | M] -- C:\Program Files\Dell<br />[2006/11/21 12:23:06 | 00,000,000 | ---D | M] -- C:\Program Files\Dell TrueMobile 1150<br />[2010/08/27 12:09:06 | 00,000,000 | ---D | M] -- C:\Program Files\DIFX<br />[2009/11/09 17:37:56 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT<br />[2010/08/29 11:23:22 | 00,000,000 | ---D | M] -- C:\Program Files\FileHippo.com<br />[2010/08/19 06:44:15 | 00,000,000 | ---D | M] -- C:\Program Files\G7toWIN<br />[2010/09/21 08:04:56 | 00,000,000 | ---D | M] -- C:\Program Files\Garmin<br />[2010/08/28 07:43:13 | 00,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin<br />[2010/08/20 07:43:49 | 00,000,000 | ---D | M] -- C:\Program Files\Google<br />[2010/08/27 12:41:54 | 00,000,000 | ---D | M] -- C:\Program Files\Gravity<br />[2006/08/25 12:22:43 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard<br />[2008/08/07 09:52:09 | 00,000,000 | ---D | M] -- C:\Program Files\HP<br />[2010/09/15 14:51:47 | 00,000,000 | ---D | M] -- C:\Program Files\ImgBurn<br />[2010/08/29 12:43:46 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information<br />[2006/12/02 10:34:12 | 00,000,000 | ---D | M] -- C:\Program Files\Intel<br />[2010/10/15 13:35:05 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer<br />[2010/02/01 06:00:20 | 00,000,000 | ---D | M] -- C:\Program Files\KeyNote<br />[2009/11/11 14:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft<br />[2008/03/12 14:38:14 | 00,000,000 | ---D | M] -- C:\Program Files\Linksys EasyLink Advisor<br />[2010/06/29 19:25:23 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware<br />[2010/08/27 12:44:50 | 00,000,000 | ---D | M] -- C:\Program Files\MAPC2MAPC<br />[2010/08/23 03:40:03 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee<br />[2008/08/14 06:53:05 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger<br />[2007/05/09 11:22:58 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2<br />[2006/08/21 14:01:37 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage<br />[2007/10/25 10:41:31 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office<br />[2010/10/15 12:09:39 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials<br />[2010/08/11 14:25:48 | 00,000,000 | ---D | M] -- C:\Program Files\mIRC<br />[2007/04/21 12:39:26 | 00,000,000 | ---D | M] -- C:\Program Files\Motorola USB Drivers<br />[2010/08/11 08:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker<br />[2010/10/20 05:10:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox<br />[2010/10/20 03:54:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird<br />[2009/09/01 20:23:20 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild<br />[2008/07/31 09:37:11 | 00,000,000 | ---D | M] -- C:\Program Files\msn<br />[2002/08/23 05:34:41 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone<br />[2009/11/09 16:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0<br />[2008/07/31 09:23:31 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting<br />[2006/12/02 10:29:28 | 00,000,000 | ---D | M] -- C:\Program Files\Netropa<br />[2010/06/07 13:12:39 | 00,000,000 | ---D | M] -- C:\Program Files\Nitro PDF<br />[2010/09/15 14:28:34 | 00,000,000 | ---D | M] -- C:\Program Files\nLite<br />[2002/08/23 05:37:37 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services<br />[2010/05/12 13:07:37 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express<br />[2008/02/29 06:39:45 | 00,000,000 | ---D | M] -- C:\Program Files\Overland<br />[2009/12/31 04:13:11 | 00,000,000 | ---D | M] -- C:\Program Files\Pawsoft<br />[2010/10/15 11:30:44 | 00,000,000 | ---D | M] -- C:\Program Files\PhotoScape<br />[2009/09/01 20:22:49 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies<br />[2009/11/15 15:38:27 | 00,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic<br />[2010/08/29 14:54:27 | 00,000,000 | ---D | M] -- C:\Program Files\SEUSA<br />[2009/11/09 16:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\SonicWallES<br />[2010/09/13 11:28:16 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy<br />[2010/10/15 04:34:27 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster<br />[2010/10/15 04:34:48 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareGuard<br />[2010/10/01 14:58:05 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware<br />[2006/08/19 14:43:48 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics<br />[2010/01/30 10:48:01 | 00,000,000 | ---D | M] -- C:\Program Files\TerraGo Technologies<br />[2009/12/29 06:40:05 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro<br />[2009/12/29 07:03:49 | 00,000,000 | ---D | M] -- C:\Program Files\TrendMicro<br />[2006/08/19 14:28:34 | 00,000,000 | ---D | M] -- C:\Program Files\UIU<br />[2009/11/09 16:01:52 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information<br />[2010/08/29 05:04:50 | 00,000,000 | ---D | M] -- C:\Program Files\us_p_se<br />[2010/06/24 16:41:56 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2<br />[2010/06/24 16:41:56 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player<br />[2008/07/31 09:23:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT<br />[2002/08/23 05:45:57 | 00,000,000 | ---D | M] -- C:\Program Files\xerox<br />[2009/01/28 13:09:56 | 00,000,000 | ---D | M] -- C:\Program Files\Zone Labs<br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.tso ></font><br /> <br /><font color="#A23BEC">< %ALLUSERSPROFILE%\Documents\Server\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\*.pif ></font><br />[2003/07/16 11:48:25 | 00,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif<br /> <br /><font color="#A23BEC">< %systemroot%\system32\n7533\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\Us18336\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.zip ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.wgo ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\dllcache\*.com ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\dllchache\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\038840\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\13E92A\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\1CB5AD\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\52682A\*.* ></font><br /> <br /><font color="#A23BEC">< %USERPROFILE%\My Documents\*.htm ></font><br /> <br /><font color="#A23BEC">< %SYSTEMDRIVE%\Mr_CF\*.* ></font><br /> <br /><font color="#A23BEC">< %USERPROFILE%\My Documents\*.dll ></font><br /> <br /><font color="#A23BEC">< %USERPROFILE%\My Documents\*.ccc ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\Sis\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\Microsft\*.* ></font><br /> <br /><font color="#A23BEC">< %SYSTEMDRIVE%\driverwinx.exe\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\BifroXx\*.* ></font><br /> <br /><font color="#A23BEC">< %SYSTEMDRIVE%\TSTP\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\winsn\*.* ></font><br /> <br /><font color="#A23BEC">< %ProgramFiles%\windata\*.* ></font><br /> <br /><font color="#A23BEC">< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.sao ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.iem ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.mdd ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.wlo ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\*.skn ></font><br /> <br /><font color="#A23BEC">< %SYSTEMDRIVE%\Winup\*.* ></font><br /> <br /><font color="#A23BEC">< %SYSTEMDRIVE%\test\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\med\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\Bifrost\*.* ></font><br /> <br /><font color="#A23BEC">< %systemroot%\system32\explorer.exe\*.* ></font><br /> <br /><font color="#A23BEC">< %UserProfile%\UserData\*.dat /x ></font><br /> <br /><font color="#A23BEC">< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU ></font><br /> <br /><font color="#A23BEC">< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs ></font><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-15 18:38:27<br /> <br /><font color="#E56717">========== Alternate Data Streams ==========</font><br /> <br />@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34<br />@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1<br />< End of report ><br /><br />Thank you<br />CrackerBoy
EDIT:
Apparent conflict with Commodo Defense+ caused gmer not to run; log posted below. Appears clear.
GMER 1.0.15.15477 -
http://www.gmer.net
Rootkit scan 2010-10-20 13:35:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MYDELL~1\LOCALS~1\Temp\kwlyrkow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEB368620]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005017E0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[940] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005181B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3596] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00719AB0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- EOF - GMER 1.0.15 ----
Edited by CrackerBoy, 20 October 2010 - 12:44 PM.
Sign In
Create Account
