Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Internet Redirect Problems

Started by inventor24 , Oct 22 2010 07:37 AM

Please log in to reply

#1
inventor24

Posted 22 October 2010 - 07:37 AM

Member

Member
10 posts

A computer we have is having problems with Internet redirects when searching and clicking links to websites. I have to goto properties of the link and copy and paste the website address into the address bar before I can access the site. I went thru all the steps required in the removal guide. Pleas help.

Thanks,
Inventor24

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4839

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/15/2010 4:38:07 PM
mbam-log-2010-10-15 (16-38-07).txt

Scan type: Quick scan
Objects scanned: 187447
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:09 on 15/10/2010 (bill.summers)
Firefox version [Unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [13:54 11/02/2010]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor Enterprise\" [12:14 23/03/2010]

-=E.O.F=-

--------------------------------------------------------------------------------

OTL logfile created on: 10/22/2010 9:12:26 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\bill.summers\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 20.73 Gb Free Space | 60.20% Space Free | Partition Type: NTFS
Drive Z: | 465.17 Gb Total Space | 302.82 Gb Free Space | 65.10% Space Free | Partition Type: NTFS

Computer Name: GAGE14 | User Name: bill.summers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/22 09:09:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
PRC - [2010/07/24 00:10:04 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2010/07/24 00:06:52 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2010/02/11 09:54:06 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2010/02/11 09:24:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/12/16 20:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009/12/15 15:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2008/01/31 15:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/11/09 21:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/11/05 22:34:58 | 000,741,376 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/10/11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2005/01/26 19:49:39 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/10/14 17:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/09/14 10:50:48 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/09/01 13:56:34 | 000,156,784 | -H-- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\aoltray.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/19 09:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

========== Modules (SafeList) ==========

MOD - [2010/10/22 09:09:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
MOD - [2004/08/04 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.DLL
MOD - [2004/08/04 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSSCRIPT.OCX

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/24 00:06:52 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2009/12/16 20:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/12/15 15:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys -- (mfetdik)
DRV - [2006/12/12 12:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/01/26 19:49:44 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2010/10/14 07:30:57 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/10/15 13:47:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100802180643.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://server/connec...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GageBilt.local
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/22 07:22:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/20 13:56:10 | 000,000,000 | ---D | M] - Z:\AutoRun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\L3CODECA.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/22 09:09:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
[2010/10/22 06:54:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bill.summers\IECompatCache
[2010/10/18 06:54:07 | 000,000,000 | ---D | C] -- C:\ISTS
[2010/10/15 17:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/15 17:13:44 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/10/15 16:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/15 14:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill.summers\Desktop\tdsskiller
[2010/10/15 14:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill.summers\Desktop\GooredFix Backups
[2010/10/15 14:08:52 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\bill.summers\Desktop\GooredFix.exe
[2010/10/15 13:47:03 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/15 13:43:57 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTM.exe
[2010/10/15 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/15 13:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/15 13:39:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\bill.summers\Desktop\erunt-setup.exe
[2010/09/28 13:18:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

========== Files - Modified Within 90 Days ==========

[2010/10/22 09:11:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\bill.summers\Desktop\~$lpaste.doc
[2010/10/22 09:09:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
[2010/10/22 09:08:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\otlpaste.doc
[2010/10/22 09:08:06 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Microsoft Office Word 2003.lnk
[2010/10/22 09:02:48 | 000,000,537 | ---- | M] () -- C:\WINDOWS\Tp5win.ini
[2010/10/22 09:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/22 08:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/22 06:57:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job
[2010/10/22 03:48:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/21 23:49:14 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\bill.summers\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/21 23:49:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/19 12:28:23 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Microsoft Office Excel 2003.lnk
[2010/10/18 11:27:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/18 11:26:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/18 11:26:08 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/18 08:11:53 | 000,137,728 | ---- | M] () -- C:\WINDOWS\System32\zipdll.dll
[2010/10/18 08:11:53 | 000,119,808 | ---- | M] () -- C:\WINDOWS\System32\unzdll.dll
[2010/10/15 17:22:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/15 15:49:11 | 000,285,230 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\gmer.zip
[2010/10/15 14:16:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 14:10:46 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\tdsskiller.zip
[2010/10/15 14:08:52 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\bill.summers\Desktop\GooredFix.exe
[2010/10/15 13:47:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/10/15 13:44:13 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTM.exe
[2010/10/15 13:40:22 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\ERUNT.lnk
[2010/10/15 13:39:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\bill.summers\Desktop\erunt-setup.exe
[2010/10/07 15:37:07 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\New Hire Form.xls
[2010/10/04 12:48:39 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\FAX.doc
[2010/09/11 08:33:23 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Gage Bilt Letterhead .doc
[2010/08/13 14:44:29 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Procedure Master Form.doc
[2010/08/12 14:02:53 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/03 13:16:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

========== Files Created - No Company Name ==========

[2010/10/22 09:11:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\bill.summers\Desktop\~$lpaste.doc
[2010/10/22 09:08:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\otlpaste.doc
[2010/10/22 06:54:20 | 000,000,436 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job
[2010/10/18 08:11:53 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\zipdll.dll
[2010/10/18 08:11:53 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2010/10/15 17:22:37 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/15 15:49:09 | 000,285,230 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\gmer.zip
[2010/10/15 14:10:43 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\tdsskiller.zip
[2010/10/15 13:40:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\ERUNT.lnk
[2010/10/07 15:37:07 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\New Hire Form.xls
[2010/08/02 16:33:15 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/08/02 16:33:15 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/08/02 16:33:15 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/08/02 16:33:14 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/08/02 16:33:08 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/08/02 16:33:08 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/08/02 16:33:08 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/08/02 16:33:08 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/08/02 16:33:07 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/08/02 16:33:07 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/08/02 16:33:07 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/08/02 16:33:07 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/08/02 16:33:07 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/08/02 16:33:07 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/08/02 16:33:07 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/08/02 16:33:07 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/08/02 16:33:07 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/08/02 16:33:07 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/08/02 16:33:06 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/08/02 16:33:01 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/08/02 16:33:01 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/08/02 16:33:01 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/08/02 16:32:59 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/08/02 16:32:59 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/08/02 16:32:46 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/08/02 16:32:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/08/02 16:32:28 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/08/02 16:32:24 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/08/02 16:32:23 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/13 07:59:30 | 000,036,692 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\Comma Separated Values (Windows).ADR
[2010/07/13 07:58:44 | 000,020,088 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\Comma Separated Values (Windows).EML
[2010/03/23 10:25:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\PFP120JPR.{PB
[2010/03/23 10:25:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\PFP120JCM.{PB
[2010/03/23 09:30:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\bill.summers\Local Settings\Application Data\FASTWiz.html
[2010/03/23 09:25:59 | 000,030,048 | ---- | C] () -- C:\Documents and Settings\bill.summers\Local Settings\Application Data\FASTWiz.log
[2010/02/11 10:21:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/11 09:50:13 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/11 09:49:30 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/11 09:49:30 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/02/11 09:48:59 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/02/11 09:48:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/02/11 09:48:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/02/11 09:46:55 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/02/11 09:42:58 | 000,000,537 | ---- | C] () -- C:\WINDOWS\Tp5win.ini
[2009/11/17 13:16:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS
[2005/01/26 19:53:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/26 19:42:11 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/26 19:07:12 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 19:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 19:14:38 | 000,004,397 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/08/14 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/14 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/02/11 09:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/22 07:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/02/11 09:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/01/26 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/24 11:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bill.summers\Application Data\ScanSoft
[2010/03/23 09:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bill.summers\Application Data\Xerox
[2010/10/22 09:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/10/22 06:57:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/06/22 07:22:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/11 09:03:10 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/01/26 19:11:26 | 000,003,945 | RH-- | M] () -- C:\DELL.SDR
[2010/02/11 10:18:02 | 000,004,379 | -H-- | M] () -- C:\ffastun.ffa
[2010/02/11 10:18:02 | 000,090,112 | -H-- | M] () -- C:\ffastun.ffl
[2010/02/11 10:18:02 | 000,262,144 | -H-- | M] () -- C:\ffastun.ffo
[2010/02/11 10:18:02 | 000,290,816 | -H-- | M] () -- C:\ffastun0.ffx
[2010/10/18 11:26:08 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/11 19:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/01/26 19:50:26 | 000,000,747 | -H-- | M] () -- C:\IPH.PH
[2010/10/15 14:17:17 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\NTLDR
[2010/10/18 11:26:06 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/10/18 11:27:50 | 000,001,529 | ---- | M] () -- C:\SMax.log
[2005/01/26 19:30:30 | 000,001,532 | ---- | M] () -- C:\SMax.log.bak
[2005/01/26 19:50:44 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/10/15 14:12:10 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_15.10.2010_14.11.25_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 4
"RescheduleWaitTimeEnabled" = 1
"RescheduleWaitTime" = 1
"RebootWarningTimeoutEnabled" = 1
"RebootWarningTimeout" = 5
"RebootRelaunchTimeoutEnabled" = 1
"RebootRelaunchTimeout" = 10
"DetectionFrequencyEnabled" = 1
"DetectionFrequency" = 1
"AutoInstallMinorUpdates" = 1
"UseWUServer" = 1
"NoAutoRebootWithLoggedOnUsers" = 0
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-23 12:37:44

< End of report >

------------------------------------------------------------------------------------

OTL Extras logfile created on: 10/22/2010 9:12:26 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\bill.summers\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 20.73 Gb Free Space | 60.20% Space Free | Partition Type: NTFS
Drive Z: | 465.17 Gb Total Space | 302.82 Gb Free Space | 65.10% Space Free | Partition Type: NTFS

Computer Name: GAGE14 | User Name: bill.summers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)
"C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE" = C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)
"C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE" = C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A3238D7-AA32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Client (32-bit)
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}" = H&R Block Tax Offer
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DellSupport" = Dell Support 5.0.0 (630)
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MVS" = McAfee Virus and Spyware Protection Service
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pervasive PSQL v10 SP3 Client (32-bit)" = Pervasive PSQL v10 SP3 Client (32-bit)
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2010 9:43:05 AM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application tp5wdba.exe, version 0.0.0.0, faulting module
tp5wdba.exe, version 0.0.0.0, fault address 0x002e9a43.

Error - 10/15/2010 1:42:33 PM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x060a20cb.

Error - 10/15/2010 1:43:01 PM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x060a20fb.

Error - 10/15/2010 2:08:52 PM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x058120cb.

Error - 10/15/2010 3:48:37 PM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0584209b.

Error - 10/18/2010 12:23:29 PM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x058c20cb.

Error - 10/18/2010 12:26:25 PM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x058c20cb.

Error - 10/19/2010 12:23:00 PM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0418209b.

Error - 10/20/2010 9:44:32 AM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0598209b.

Error - 10/22/2010 12:51:40 AM | Computer Name = GAGE14 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00b776c5.

[ System Events ]
Error - 4/14/2010 7:16:35 AM | Computer Name = GAGE14 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client Dana in realm GAGEBILT.LOCAL had a PAC which
failed to verify or was modified. Contact your system administrator.

Error - 4/14/2010 7:24:23 AM | Computer Name = GAGE14 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GAGEBILT due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/14/2010 7:24:23 AM | Computer Name = GAGE14 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client Dana in realm GAGEBILT.LOCAL had a PAC which
failed to verify or was modified. Contact your system administrator.

Error - 6/17/2010 2:59:39 PM | Computer Name = GAGE14 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

< End of report >

#2
inventor24

Posted 22 October 2010 - 08:06 AM

Member

Topic Starter
Member
10 posts

By the way,
I did the "Remove google direct" instructions.

TIA,
Inventor24

#3
RKinner

Posted 25 October 2010 - 05:16 PM

Malware Expert

Expert
24,624 posts

You replied to your own post and didn't follow the full instructions in:
http://www.geekstogo...uide-t2852.html
which is why you weren't helped earlier.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
   
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Uninstall:
Java 2 Runtime Environment, SE v1.4.2_03
Ask Toolbar
My Way Search Assistant

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

I'm suspecting an infected router. Would that be possible in your setup?

Start, Run, cmd, OK to bring up a Command Prompt then type (with an Enter after each line)


nslookup  google.com  >  junk.txt
notepad  junk.txt

(I use 2 spaces in the code box so you can see where 1 space goes.)

copy and paste the text from notepad.

Ron

#4
inventor24

Posted 03 November 2010 - 07:56 AM

Member

Topic Starter
Member
10 posts

I appologize, I thought I followed the directions...

I tried to uninstall the My Way Search Assistant and was unable to. I went to add and remove programs and it was showing their but when I click to uninstall it I get a an error saying "error load c:\progra~1\mywasa\" I looked in the programs folder and didn't see any folder with any name that might look like a My way search assistant.

This computer is part of a network and this is the only computer with any problems, I'm not sure if this is relevent in you suspition that it may be an infected router.

Thanks for all your help!

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HidServ removed from NetSvcs value successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: administrator.GAGEBILT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: assist
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: bill.summers
->Temp folder emptied: 2924733 bytes
->Temporary Internet Files folder emptied: 202723583 bytes
->Java cache emptied: 7140 bytes
->Flash cache emptied: 2069 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: McAfeeMVSUser
->Temp folder emptied: 49632 bytes
->Temporary Internet Files folder emptied: 43861 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: __sbs_netsetup__
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 502272 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7506699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 25925977 bytes

Total Files Cleaned = 229.00 mb

OTL by OldTimer - Version 3.2.16.0 log created on 11032010_081738

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\bill.summers\Local Settings\Temp\~DFA263.tmp not found!
File\Folder C:\Documents and Settings\bill.summers\Local Settings\Temp\~DFA58A.tmp not found!
File\Folder C:\Documents and Settings\bill.summers\Local Settings\Temp\~DFB9EB.tmp not found!

Registry entries deleted on Reboot...

TL logfile created on: 11/3/2010 8:42:33 AM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\bill.summers\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 20.53 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Drive Z: | 465.17 Gb Total Space | 301.54 Gb Free Space | 64.82% Space Free | Partition Type: NTFS

Computer Name: GAGE14 | User Name: bill.summers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 14:07:14 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/10/22 09:09:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
PRC - [2010/07/24 00:10:04 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2010/07/24 00:06:52 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2010/02/11 09:24:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/12/16 20:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009/12/15 15:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2008/01/31 15:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/11/09 21:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/11/05 22:34:58 | 000,741,376 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/10/11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2005/01/26 19:49:39 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/10/14 17:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/09/14 10:50:48 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/09/01 13:56:34 | 000,156,784 | -H-- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\aoltray.exe
PRC - [2004/07/19 09:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

========== Modules (SafeList) ==========

MOD - [2010/10/22 09:09:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
MOD - [2004/08/04 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.DLL
MOD - [2004/08/04 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSSCRIPT.OCX

========== Win32 Services (SafeList) ==========

SRV - [2010/07/24 00:06:52 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2009/12/16 20:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/12/15 15:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys -- (mfetdik)
DRV - [2006/12/12 12:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/01/26 19:49:44 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2010/11/02 08:35:45 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/11/03 08:17:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100802180643.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://server/connec...uter/nshelp.dll (NSHelp Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GageBilt.local
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/22 07:22:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/20 13:56:10 | 000,000,000 | ---D | M] - Z:\AutoRun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/11/03 08:45:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/03 08:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/11/03 08:17:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/22 09:09:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
[2010/10/22 06:54:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bill.summers\IECompatCache
[2010/10/18 06:54:07 | 000,000,000 | ---D | C] -- C:\ISTS
[2010/10/15 17:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/15 17:13:44 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/10/15 16:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/15 14:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill.summers\Desktop\tdsskiller
[2010/10/15 14:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill.summers\Desktop\GooredFix Backups
[2010/10/15 14:08:52 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\bill.summers\Desktop\GooredFix.exe
[2010/10/15 13:47:03 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/15 13:43:57 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTM.exe
[2010/10/15 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/15 13:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/15 13:39:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\bill.summers\Desktop\erunt-setup.exe
[2010/09/28 13:18:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/11/03 08:23:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/11/03 08:23:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/03 08:21:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/11/03 08:21:33 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/03 08:17:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/11/03 08:00:09 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job
[2010/11/03 07:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/02 13:40:35 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Microsoft Office Word 2003.lnk
[2010/10/29 17:31:51 | 000,000,537 | ---- | M] () -- C:\WINDOWS\Tp5win.ini
[2010/10/29 14:52:50 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Microsoft Office Excel 2003.lnk
[2010/10/26 17:53:36 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\B- Project Report.lnk
[2010/10/22 13:31:13 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\9-10 INTERCHANGE.lnk
[2010/10/22 09:20:02 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Desktop.lnk
[2010/10/22 09:09:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTL.exe
[2010/10/22 09:08:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\otlpaste.doc
[2010/10/21 23:49:14 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\bill.summers\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/21 23:49:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/18 08:11:53 | 000,137,728 | ---- | M] () -- C:\WINDOWS\System32\zipdll.dll
[2010/10/18 08:11:53 | 000,119,808 | ---- | M] () -- C:\WINDOWS\System32\unzdll.dll
[2010/10/15 17:22:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/15 15:49:11 | 000,285,230 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\gmer.zip
[2010/10/15 14:16:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 14:10:46 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\tdsskiller.zip
[2010/10/15 14:08:52 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\bill.summers\Desktop\GooredFix.exe
[2010/10/15 13:44:13 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill.summers\Desktop\OTM.exe
[2010/10/15 13:40:22 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\ERUNT.lnk
[2010/10/15 13:39:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\bill.summers\Desktop\erunt-setup.exe
[2010/10/07 15:37:07 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\New Hire Form.xls
[2010/10/04 12:48:39 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\FAX.doc
[2010/09/11 08:33:23 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Gage Bilt Letterhead .doc
[2010/08/13 14:44:29 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\bill.summers\Desktop\Procedure Master Form.doc
[2010/08/12 14:02:53 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/26 17:51:11 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\B- Project Report.lnk
[2010/10/22 13:31:13 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\9-10 INTERCHANGE.lnk
[2010/10/22 09:20:02 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\Desktop.lnk
[2010/10/22 09:08:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\otlpaste.doc
[2010/10/22 06:54:20 | 000,000,436 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job
[2010/10/18 08:11:53 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\zipdll.dll
[2010/10/18 08:11:53 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2010/10/15 17:22:37 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/15 15:49:09 | 000,285,230 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\gmer.zip
[2010/10/15 14:10:43 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\tdsskiller.zip
[2010/10/15 13:40:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\ERUNT.lnk
[2010/10/07 15:37:07 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\bill.summers\Desktop\New Hire Form.xls
[2010/07/13 07:59:30 | 000,036,692 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\Comma Separated Values (Windows).ADR
[2010/07/13 07:58:44 | 000,020,088 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\Comma Separated Values (Windows).EML
[2010/03/23 10:25:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\PFP120JPR.{PB
[2010/03/23 10:25:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\bill.summers\Application Data\PFP120JCM.{PB
[2010/03/23 09:30:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\bill.summers\Local Settings\Application Data\FASTWiz.html
[2010/03/23 09:25:59 | 000,030,048 | ---- | C] () -- C:\Documents and Settings\bill.summers\Local Settings\Application Data\FASTWiz.log
[2010/02/11 10:21:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/11 09:50:13 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/11 09:49:30 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/11 09:49:30 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/02/11 09:48:59 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/02/11 09:48:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/02/11 09:48:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/02/11 09:46:55 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/02/11 09:42:58 | 000,000,537 | ---- | C] () -- C:\WINDOWS\Tp5win.ini
[2009/11/17 13:16:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS
[2005/01/26 19:53:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/26 19:42:11 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/26 19:07:12 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 19:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 19:14:38 | 000,004,397 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/08/14 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/14 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/02/11 09:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/22 07:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/02/11 09:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/01/26 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/24 11:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bill.summers\Application Data\ScanSoft
[2010/03/23 09:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bill.summers\Application Data\Xerox
[2010/11/03 08:00:09 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job

========== Purity Check ==========

< End of report >

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5031

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/3/2010 8:59:48 AM
mbam-log-2010-11-03 (08-59-48).txt

Scan type: Quick scan
Objects scanned: 189766
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 10-11-02.05 - bill.summers 11/03/2010 9:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1584 [GMT -4:00]
Running from: c:\documents and settings\bill.summers\Desktop\george.exe.exe
AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe.tmp

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-11-03 12:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 12:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-03 12:51 . 2010-11-03 12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 12:45 . 2004-08-04 11:00 502272 ----a-w- c:\windows\system32\OLD43.tmp
2010-11-03 12:45 . 2010-11-03 12:45 -------- d-----w- c:\windows\LastGood
2010-11-03 12:22 . 2010-11-03 12:45 502272 ----a-w- c:\windows\system32\zz-winlogon.exe.tmp
2010-11-03 12:17 . 2010-11-03 12:17 -------- d-----w- C:\_OTL
2010-10-22 10:54 . 2010-10-22 10:54 -------- d-sh--w- c:\documents and settings\bill.summers\IECompatCache
2010-10-18 12:11 . 2010-10-18 12:11 137728 ----a-w- c:\windows\system32\zipdll.dll
2010-10-18 12:11 . 2010-10-18 12:11 119808 ----a-w- c:\windows\system32\unzdll.dll
2010-10-18 10:54 . 2010-10-22 12:54 -------- d-----w- C:\ISTS
2010-10-15 21:22 . 2010-10-15 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-15 21:13 . 2010-10-15 21:13 -------- d-----w- C:\spoolerlogs
2010-10-15 17:59 . 2010-10-15 17:59 -------- d-sh--w- c:\documents and settings\McAfeeMVSUser\IETldCache
2010-10-15 17:47 . 2010-10-15 17:47 -------- d-----w- C:\_OTM
2010-10-15 17:40 . 2010-10-15 17:40 -------- d-----w- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 18:07 . 2004-08-04 11:00 1032192 ----a-w- c:\windows\explorer.exe
.

------- Sigcheck -------

[-] 2010-10-28 . D9E4DC0188B3BFE62637FE35AEBB2C3A . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-26 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-26 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-1-26 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [3/23/2010 8:13 AM 14144]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 8:31 PM 222528]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [3/23/2010 8:04 AM 282824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 9:18 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:18]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:18]

2010-11-03 c:\windows\Tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.att.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 09:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-03 09:21:51
ComboFix-quarantined-files.txt 2010-11-03 13:21

Pre-Run: 21,937,299,456 bytes free
Post-Run: 21,911,552,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CAF4C677DF34B79855E7FD261996B8C3

Server: server.gagebilt.local
Address: 192.168.1.250

Name: google.com
Addresses: 74.125.95.106, 74.125.95.147, 74.125.95.105, 74.125.95.104
74.125.95.103, 74.125.95.99

#5
RKinner

Posted 04 November 2010 - 09:30 PM

Malware Expert

Expert
24,624 posts

Sorry for the delay but I'm on a 10 day road trip and didn't think I was going to get any replies while I was away from my computer. I'm on a borrowed computer so don't have my usual scripts available but will try anyway.

Combofix says your explorer.exe file is infected and it doesn't like any of the copies that it sees on your computer.

Appears I can upload a renamed copy for you. Attached is a file called explorer.txt. Download it and save it to c:\

Copy the following 3 lines:

FCopy::
c:\explorer.txt | c:\windows\system32\dllcache\explorer.exe
c:\explorer.txt | C:\windows\explorer.exe

Then open notepad (Start, Run, notepad, OK) and Ctrl + v to paste it into notepad. File, Save As, (to your Desktop) CFScript, OK. Close notepad. Find the CFScript.txt file on your desktop and drag it over to the george.exe icon (renamed combofix) then let go. Combofix should start up on its own. It will probably need to reboot afterwards. Copy and paste the new log.

Ron

#6
inventor24

Posted 05 November 2010 - 02:41 PM

Member

Topic Starter
Member
10 posts

Thanks for your reply, a 10 day road trip sounds sweet!

FYI, I had to download combofix again because and renamed it george, I must of removed it. When I drug the CFScript over to the george icon and let go it said "open with" so I clicked "open with" I hope that was correct. The computer didn't reboot when finished, sorry in advance if I screwed up.

Please see log below...

Thanks Ron!

ComboFix 10-11-05.01 - bill.summers 11/05/2010 15:37:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1570 [GMT -4:00]
Running from: c:\documents and settings\bill.summers\Desktop\George.exe
Command switches used :: c:\documents and settings\bill.summers\Desktop\CFScript.txt
AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-03 12:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 12:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-03 12:51 . 2010-11-03 12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 12:17 . 2010-11-03 12:17 -------- d-----w- C:\_OTL
2010-10-22 10:54 . 2010-10-22 10:54 -------- d-sh--w- c:\documents and settings\bill.summers\IECompatCache
2010-10-18 12:11 . 2010-10-18 12:11 137728 ----a-w- c:\windows\system32\zipdll.dll
2010-10-18 12:11 . 2010-10-18 12:11 119808 ----a-w- c:\windows\system32\unzdll.dll
2010-10-18 10:54 . 2010-10-22 12:54 -------- d-----w- C:\ISTS
2010-10-15 21:22 . 2010-10-15 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-15 21:13 . 2010-10-15 21:13 -------- d-----w- C:\spoolerlogs
2010-10-15 17:59 . 2010-10-15 17:59 -------- d-sh--w- c:\documents and settings\McAfeeMVSUser\IETldCache
2010-10-15 17:47 . 2010-10-15 17:47 -------- d-----w- C:\_OTM
2010-10-15 17:40 . 2010-10-15 17:40 -------- d-----w- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 18:07 . 2004-08-04 11:00 1032192 ----a-w- c:\windows\explorer.exe
.

------- Sigcheck -------

[-] 2010-10-28 . D9E4DC0188B3BFE62637FE35AEBB2C3A . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-03_13.19.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-03 17:55 . 2010-11-03 17:55 16384 c:\windows\Temp\Perflib_Perfdata_678.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-26 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-26 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-1-26 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [3/23/2010 8:13 AM 14144]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 8:31 PM 222528]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [3/23/2010 8:04 AM 282824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 9:18 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:18]

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:18]

2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.att.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 15:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-05 15:45:21
ComboFix-quarantined-files.txt 2010-11-05 19:45
ComboFix2.txt 2010-11-03 13:21

Pre-Run: 21,785,268,224 bytes free
Post-Run: 21,840,482,304 bytes free

- - End Of File - - 8702F9680B938E2BB46829FB9C617357

#7
RKinner

Posted 05 November 2010 - 04:26 PM

Malware Expert

Expert
24,624 posts

It didn't work. It should automatically start Combofix running not ask you what to run it with.

I wonder if mcafee ate some critical part of combofix? Try downloading it again with McAfee turned off and this time name it george2.exe then drag the CFScript file over to george2.exe and let go. Do not double click.

It could also be the infection will not let it run. If it still says the explorer.exe is infected after this attempt then you can manually replace explorer.exe using the Recovery Console which should have been installed by george.exe on the first run. Reboot and very quickly hit the down (up) arrow key when you see the black screen with the choice of operating systems. You want to highlight the recovery console. IF you can get that to work and log in (no password required) you will get to a black screen with a prompt.

Type:

copy c:\explorer.txt c:\windows\system32\explorer.exe

then hit Enter.

copy c:\explorer.txt c:\windows\system32\dllcache\explorer.exe

then hit Enter.

Reboot into regular mode and run george2.exe and see if it still compalins about explorer.exe

You can probably also get the same commands to work in Safe Mode with Command Prompt.

"To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu."

Ron

#8
inventor24

Posted 10 November 2010 - 10:21 AM

Member

Topic Starter
Member
10 posts

Ron,
I think it might have worked following is the log.

Thanks!

ComboFix 10-11-09.02 - bill.summers 11/10/2010 10:31:21.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1640 [GMT -5:00]
Running from: c:\documents and settings\bill.summers\Desktop\george2.exe
Command switches used :: c:\documents and settings\bill.summers\Desktop\CFScript.txt
AV: Total Protection Service *On-access scanning disabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
.
ADS - explorer.exe: deleted 26 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\svrwsc.exe
c:\windows\ws386.ini

.
--------------- FCopy ---------------

c:\explorer.txt --> c:\windows\system32\dllcache\explorer.exe
c:\explorer.txt --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 15:31 . 2010-11-05 11:10 497383 ----a-w- c:\windows\OLD26.tmp
2010-11-10 15:31 . 2010-11-10 15:31 -------- d-----w- c:\windows\LastGood
2010-11-10 15:06 . 2010-11-10 15:07 -------- d-----w- c:\documents and settings\bill.summers.GAGE14
2010-11-09 21:44 . 2010-11-09 21:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-09 18:30 . 2010-11-09 18:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-09 17:30 . 2010-11-09 17:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-11-05 19:17 . 2010-11-05 11:10 497383 ------w- C:\explorer.txt
2010-11-03 12:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 12:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-03 12:51 . 2010-11-03 12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 12:17 . 2010-11-03 12:17 -------- d-----w- C:\_OTL
2010-10-22 10:54 . 2010-10-22 10:54 -------- d-sh--w- c:\documents and settings\bill.summers\IECompatCache
2010-10-18 12:11 . 2010-10-18 12:11 137728 ----a-w- c:\windows\system32\zipdll.dll
2010-10-18 12:11 . 2010-10-18 12:11 119808 ----a-w- c:\windows\system32\unzdll.dll
2010-10-18 10:54 . 2010-10-22 12:54 -------- d-----w- C:\ISTS
2010-10-15 21:22 . 2010-10-15 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-15 21:13 . 2010-10-15 21:13 -------- d-----w- C:\spoolerlogs
2010-10-15 17:59 . 2010-10-15 17:59 -------- d-sh--w- c:\documents and settings\McAfeeMVSUser\IETldCache
2010-10-15 17:47 . 2010-10-15 17:47 -------- d-----w- C:\_OTM
2010-10-15 17:40 . 2010-10-15 17:40 -------- d-----w- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-11-03_13.19.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-10 15:25 . 2010-11-10 15:25 16384 c:\windows\Temp\Perflib_Perfdata_674.dat
+ 2005-01-26 23:27 . 2010-11-09 21:46 54280 c:\windows\SYSTEM32\PERFC009.DAT
- 2005-01-26 23:27 . 2010-07-12 20:23 54280 c:\windows\SYSTEM32\PERFC009.DAT
+ 2010-11-09 17:30 . 2010-11-10 13:01 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-11 13:53 . 2010-02-11 13:53 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-11 13:53 . 2010-11-10 13:01 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-26 23:27 . 2010-07-12 20:23 384596 c:\windows\SYSTEM32\PERFH009.DAT
+ 2005-01-26 23:27 . 2010-11-09 21:46 384596 c:\windows\SYSTEM32\PERFH009.DAT
+ 2010-11-09 17:30 . 2010-11-10 13:01 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
+ 2010-11-10 15:31 . 2010-11-05 11:10 497383 c:\windows\LastGood\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-26 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-26 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-1-26 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [3/23/2010 7:13 AM 14144]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 7:31 PM 222528]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [3/23/2010 7:04 AM 282824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 8:18 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:18]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:18]

2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{F8786F99-8078-4854-8DD0-0233302BF971}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.att.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 10:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-10 10:39:59
ComboFix-quarantined-files.txt 2010-11-10 15:39
ComboFix2.txt 2010-11-10 14:50
ComboFix3.txt 2010-11-05 19:45
ComboFix4.txt 2010-11-03 13:21

Pre-Run: 21,509,517,312 bytes free
Post-Run: 21,487,292,416 bytes free

- - End Of File - - FC8B00198C0AB79815123433FEFE6E8B

#9
RKinner

Posted 10 November 2010 - 03:21 PM

Malware Expert

Expert
24,624 posts

It does look like it worked. Combofix is no longer complaining about explorer.exe being infected and it was also able to remove a known bad guy so I think the worst is over. Is it still getting redirected?

Ron