Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan symptoms remain after AV software says I'm clean

Started by jeff62 , Oct 29 2010 02:10 PM

  • This topic is locked This topic is locked

#1
jeff62
Posted 29 October 2010 - 02:10 PM

jeff62

    Member

  • Member
  • PipPip
  • 13 posts
Greetings.

A couple of days ago my computer displayed this message: "Generic Host Processes for win32 services has encountered a problem and needs to close." The error signature listed the following:
szAppName:svchost.exe
SzAppVer: 5.1.2600.5512
SzModName ntdll.dll
SzModver: 5.1.2600.5755
offset: 00023845

The computer became unstable so I tried to reboot. It got to the "windows is shutting down..." part, and froze. I eventually pulled the plug. I would not boot the first time I tried; it started to then I had a blank screen. I tried it again, and this time it booted.

I kept getting the "generic host processes" message repeatedly, followed by unstable behavior. It would not shut down without pulling the plug, and would only reboot on the 2nd attempt.

I ran McAffee but it said I was clean. I downloaded spybot and it found virtumonde.sda. I applied the fix, but after a reboot, search engine searches were redirected about half of the time, and browser windows started opening by themselves.


I read that spybot has trouble getting rid of virtumonde.sda, so I tried Malwarebyt's anti-malware. It found trojan.fakealert and trojan.agent. I applied the fix. A friend told me to clean out all my temp files and history, then reboot and run crapcleaner immediately. I did so. I ran all three AV programs and they came up clean. My friend also told me to download spywareblaster, so I did that too.


The computere runs better than it did, but still has issues. It continues to open browser windows spontaniously, is using a close to 70% of my cpu after startup. Generic hot processes has crashed again and since that time I've only had one spontanious browser window, although I keep hearing random "bonk" sounds every few minutes, and I am unable to perform certain tasks, such as opening windows help files or get my system information.

Also, at some point yesterday I got an error message saying that EDF.tmp had encountered an error and needed to close. I didn't recognize the name and googled it, and found it was associated with yet another trojan, which none of my AV programs mentioned.

The problems began not long after I went to a website to watch a campaign debate video, and a I got a popup telling me that I was infected with something and needed to download some file. I knew better than to do that, but the popup window wouldn't let me close it.

Hope this is sufficient info, and that you are able to help. Thank you.

Here's the OTL.txt report, followed by a report called Extras.text:

OTL logfile created on: 10/29/2010 2:24:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Jeff McReynolds\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.93 Gb Total Space | 420.51 Gb Free Space | 92.23% Space Free | Partition Type: NTFS

Computer Name: D1FC4PH1 | User Name: Jeff McReynolds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 14:21:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
PRC - [2010/10/06 07:05:17 | 001,369,088 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Local Settings\Apps\2.0\HP02QEZ4.X4M\1B1TY3XG.TR8\oak...tion_03db96a11253111a_0001.0000_d6dc5df5be8ff5c4\Oak.Montana.Clients.MontanaClient.exe
PRC - [2010/09/23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/02/17 11:03:30 | 001,203,200 | ---- | M] () -- C:\Program Files\DTN\ProphetX\ProphetX.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/04 17:21:36 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/15 16:03:50 | 004,812,664 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/01/03 17:57:52 | 000,184,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2007/09/10 16:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/23 21:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\pmxmiced.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 14:21:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
MOD - [2006/10/04 23:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/11/04 17:27:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/09/09 19:57:58 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/09/09 19:57:50 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 07:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 07:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/11 09:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/02/11 09:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/01/15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/14 22:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/14 22:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/14 22:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 17:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3081105
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3081105

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: G:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: G:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\plugins

[2008/12/12 12:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/10/28 09:53:14 | 000,424,195 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14621 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100921090844.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1226266901234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 4.2.2.1 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 14:21:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
[2010/10/29 08:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/28 18:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/28 18:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/10/28 13:24:50 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Jeff McReynolds\Desktop\spywareblastersetup44.exe
[2010/10/28 12:48:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff McReynolds\Recent
[2010/10/28 12:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Malwarebytes
[2010/10/28 12:19:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/28 12:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/28 12:19:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/28 12:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/28 09:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/28 09:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/28 07:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/28 07:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/27 21:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/10/27 20:48:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/27 14:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/27 14:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/06 07:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/29 14:21:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
[2010/10/29 09:15:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/29 09:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 08:57:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/29 08:56:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/29 07:53:27 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/29 07:10:11 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/10/29 07:01:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/29 07:00:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 07:00:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/29 07:00:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 07:00:01 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/10/29 06:59:56 | 3218,571,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 18:05:54 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\SpywareBlaster.lnk
[2010/10/28 13:24:53 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Jeff McReynolds\Desktop\spywareblastersetup44.exe
[2010/10/28 12:31:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 12:19:26 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 09:53:14 | 000,424,195 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/28 09:43:58 | 000,424,195 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101028-095314.backup
[2010/10/28 09:08:58 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Spybot - Search & Destroy.lnk
[2010/10/28 08:46:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 07:11:52 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/28 07:11:48 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/28 07:11:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/28 07:11:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/27 20:58:26 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/26 16:02:17 | 000,041,998 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\EZ-bond -70% retracement profit protection.xlsm
[2010/10/25 17:43:07 | 000,036,208 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross hog system.xlsx
[2010/10/25 17:40:37 | 000,036,222 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross feeder cattle system.xlsx
[2010/10/23 12:43:33 | 005,132,288 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\My Documents\QDATACpy.mny
[2010/10/13 13:56:50 | 000,001,231 | ---- | M] () -- C:\WINDOWS\System32\NEWSOFT
[2010/10/11 10:58:21 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\ADM Wiring Instructions (Seg 1).doc
[2010/10/05 17:55:03 | 000,463,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 17:55:03 | 000,078,990 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/02 16:47:51 | 000,001,304 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\wklnhst.dat
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 14:21:53 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Copy (2) of DTN ProphetX.lnk
[2010/10/29 07:10:11 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/10/28 18:05:54 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\SpywareBlaster.lnk
[2010/10/28 12:19:26 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 09:08:58 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Spybot - Search & Destroy.lnk
[2010/10/28 07:11:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/28 07:11:51 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/28 07:11:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/28 07:11:47 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/28 07:11:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/27 14:57:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/16 11:19:20 | 000,036,222 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross feeder cattle system.xlsx
[2010/10/16 11:14:47 | 000,036,208 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross hog system.xlsx
[2009/10/02 14:35:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/17 08:31:31 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\mcs.rma
[2009/02/17 08:31:31 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\0BA5E8
[2009/02/17 08:30:46 | 000,009,250 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/27 13:20:24 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/12/27 11:35:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/12/27 11:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/11/29 11:29:08 | 000,001,304 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\wklnhst.dat
[2008/11/19 16:19:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/11/09 16:32:45 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Local Settings\Application Data\fusioncache.dat
[2008/11/04 19:07:32 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/11/04 17:33:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/04 17:18:18 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/26 13:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll

========== LOP Check ==========

[2009/08/15 10:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/12/27 11:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/04 17:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/28 18:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/04 17:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2008/12/27 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Canon
[2008/11/17 12:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\DTN
[2009/03/10 12:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\eBookPro6
[2009/05/04 10:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\NewSoft
[2008/12/27 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\ScanSoft
[2008/12/11 13:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Template
[2008/11/14 17:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Windows Desktop Search
[2008/12/17 08:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Windows Search
[2010/10/28 07:11:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/29 09:15:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/29 08:57:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/28 12:31:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/28 07:11:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/28 07:11:52 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/29 07:53:27 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/29 07:00:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 10/29/2010 2:24:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Jeff McReynolds\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.93 Gb Total Space | 420.51 Gb Free Space | 92.23% Space Free | Partition Type: NTFS

Computer Name: D1FC4PH1 | User Name: Jeff McReynolds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:SightSpeed -- (Dell Inc. and SightSpeed Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"Canon CanoScan 4400F User Registration" = Canon CanoScan 4400F User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat (remove only)
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProphetX" = ProphetX
"Rhapsody" = Rhapsody
"SearchAssist" = SearchAssist
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Oak Level II Production" = Oak Level II Production
"Options Analysis Tool" = Options Analysis Tool

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2010 6:16:18 PM | Computer Name = D1FC4PH1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/28/2010 6:16:24 PM | Computer Name = D1FC4PH1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/28/2010 7:16:45 PM | Computer Name = D1FC4PH1 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 10/28/2010 7:18:45 PM | Computer Name = D1FC4PH1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 10/28/2010 7:18:45 PM | Computer Name = D1FC4PH1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 10/28/2010 7:18:56 PM | Computer Name = D1FC4PH1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 10/28/2010 7:18:56 PM | Computer Name = D1FC4PH1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 10/29/2010 8:00:21 AM | Computer Name = D1FC4PH1 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 10/29/2010 8:52:34 AM | Computer Name = D1FC4PH1 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x7c923845.

Error - 10/29/2010 8:52:49 AM | Computer Name = D1FC4PH1 | Source = Application Error | ID = 1001
Description = Fault bucket 2023802900.

[ System Events ]
Error - 10/29/2010 2:33:37 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 2:35:37 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 2:37:37 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 2:39:37 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 2:41:37 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 2:43:37 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 2:49:40 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 2:51:40 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 3:24:19 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/29/2010 3:26:19 PM | Computer Name = D1FC4PH1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 29 October 2010 - 02:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets get to work :D


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#3
jeff62
Posted 29 October 2010 - 02:49 PM

jeff62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here's the OTL log. I'm still working on the rest.

OTL logfile created on: 10/29/2010 3:42:53 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Jeff McReynolds\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.93 Gb Total Space | 421.17 Gb Free Space | 92.38% Space Free | Partition Type: NTFS

Computer Name: D1FC4PH1 | User Name: Jeff McReynolds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 14:21:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/08/02 19:45:58 | 000,410,024 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MPF\MpfAlert.exe
PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/04 17:21:36 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/15 16:03:50 | 004,812,664 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/01/03 17:57:52 | 000,184,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2007/09/10 16:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/23 21:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\pmxmiced.exe
PRC - [2007/04/25 15:28:34 | 000,954,368 | ---- | M] () -- C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 14:21:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
MOD - [2006/10/04 23:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/11/04 17:27:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/09/09 19:57:58 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/09/09 19:57:50 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 07:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 07:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/11 09:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/02/11 09:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/01/15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/14 22:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/14 22:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/14 22:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 17:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3081105
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3081105

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: G:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: G:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\plugins

[2008/12/12 12:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/10/28 09:53:14 | 000,424,195 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14621 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100921090844.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1226266901234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 4.2.2.1 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 15:28:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/29 14:21:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
[2010/10/29 08:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/28 18:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/28 18:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/10/28 13:24:50 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Jeff McReynolds\Desktop\spywareblastersetup44.exe
[2010/10/28 12:48:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff McReynolds\Recent
[2010/10/28 12:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Malwarebytes
[2010/10/28 12:19:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/28 12:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/28 12:19:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/28 12:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/28 09:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/28 09:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/28 07:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/28 07:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/27 21:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/10/27 20:48:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/27 14:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/27 14:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/06 07:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/29 15:42:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/29 15:40:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 15:40:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/29 15:40:21 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/29 15:40:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 15:40:18 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/10/29 15:40:13 | 3218,571,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 14:21:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff McReynolds\Desktop\OTL.exe
[2010/10/29 09:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 08:57:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/29 08:56:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/29 07:53:27 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 18:05:54 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\SpywareBlaster.lnk
[2010/10/28 13:24:53 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Jeff McReynolds\Desktop\spywareblastersetup44.exe
[2010/10/28 12:31:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 12:19:26 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 09:53:14 | 000,424,195 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/28 09:43:58 | 000,424,195 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101028-095314.backup
[2010/10/28 09:08:58 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Spybot - Search & Destroy.lnk
[2010/10/28 08:46:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 07:11:52 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/28 07:11:48 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/28 07:11:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/28 07:11:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/27 20:58:26 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/26 16:02:17 | 000,041,998 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\EZ-bond -70% retracement profit protection.xlsm
[2010/10/25 17:43:07 | 000,036,208 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross hog system.xlsx
[2010/10/25 17:40:37 | 000,036,222 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross feeder cattle system.xlsx
[2010/10/23 12:43:33 | 005,132,288 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\My Documents\QDATACpy.mny
[2010/10/13 13:56:50 | 000,001,231 | ---- | M] () -- C:\WINDOWS\System32\NEWSOFT
[2010/10/11 10:58:21 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\ADM Wiring Instructions (Seg 1).doc
[2010/10/05 17:55:03 | 000,463,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 17:55:03 | 000,078,990 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/02 16:47:51 | 000,001,304 | ---- | M] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\wklnhst.dat
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 14:21:53 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Copy (2) of DTN ProphetX.lnk
[2010/10/28 18:05:54 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\SpywareBlaster.lnk
[2010/10/28 12:19:26 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 09:08:58 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Spybot - Search & Destroy.lnk
[2010/10/28 07:11:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 07:11:54 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/28 07:11:53 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/28 07:11:51 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/28 07:11:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/28 07:11:47 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/28 07:11:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/27 14:57:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/16 11:19:20 | 000,036,222 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross feeder cattle system.xlsx
[2010/10/16 11:14:47 | 000,036,208 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Desktop\Ross hog system.xlsx
[2009/10/02 14:35:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/17 08:31:31 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\mcs.rma
[2009/02/17 08:31:31 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\0BA5E8
[2009/02/17 08:30:46 | 000,009,250 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/27 13:20:24 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/12/27 11:35:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/12/27 11:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/11/29 11:29:08 | 000,001,304 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Application Data\wklnhst.dat
[2008/11/19 16:19:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/11/09 16:32:45 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Jeff McReynolds\Local Settings\Application Data\fusioncache.dat
[2008/11/04 19:07:32 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/11/04 17:33:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/04 17:18:18 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/26 13:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll

========== LOP Check ==========

[2009/08/15 10:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/12/27 11:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/04 17:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/28 18:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/04 17:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2008/12/27 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Canon
[2008/11/17 12:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\DTN
[2009/03/10 12:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\eBookPro6
[2009/05/04 10:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\NewSoft
[2008/12/27 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\ScanSoft
[2008/12/11 13:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Template
[2008/11/14 17:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Windows Desktop Search
[2008/12/17 08:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff McReynolds\Application Data\Windows Search
[2010/10/28 07:11:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/29 15:40:21 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/29 08:57:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/28 12:31:40 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/28 07:11:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/28 18:16:28 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/28 07:11:55 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/28 07:11:52 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/28 07:11:56 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/29 07:53:27 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/28 11:52:38 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/29 15:40:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Attached Files

  • Attached File  OTL.Txt   75.64KB   67 downloads

  • 0

#4
Essexboy
Posted 29 October 2010 - 02:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
'Tis weird none of that fix seemed to take - did you press run fix after pasting the fix text in the box ?
  • 0

#5
jeff62
Posted 29 October 2010 - 03:21 PM

jeff62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I'm reasonably sure I followed your instructions exactly.
Here's the combofix log.

ComboFix 10-10-28.09 - Jeff McReynolds 10/29/2010 16:03:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2470 [GMT -5:00]
Running from: c:\documents and settings\Jeff McReynolds\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-29 20:28 . 2010-10-29 20:28 -------- d-----w- C:\_OTL
2010-10-28 23:06 . 2010-10-29 20:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-28 23:05 . 2010-10-28 23:08 -------- d-----w- c:\program files\SpywareBlaster
2010-10-28 20:31 . 2010-10-28 20:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-10-28 17:19 . 2010-10-28 17:19 -------- d-----w- c:\documents and settings\Jeff McReynolds\Application Data\Malwarebytes
2010-10-28 17:19 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 17:19 . 2010-10-28 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-28 17:19 . 2010-10-28 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 17:19 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 14:08 . 2010-10-28 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-28 14:08 . 2010-10-28 14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-28 12:11 . 2010-10-28 12:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-28 02:00 . 2010-10-28 02:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-10-28 01:54 . 2010-10-28 01:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-28 01:48 . 2010-10-28 01:48 -------- d-----w- c:\windows\system32\NtmsData
2010-10-27 19:58 . 2010-10-27 19:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-10-06 12:04 . 2010-10-06 12:04 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 19:57 . 2010-08-30 12:17 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-08-30 12:16 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 19:57 . 2010-08-30 12:16 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 19:57 . 2010-08-30 12:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2010-08-30 12:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-08-30 12:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2010-08-30 12:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2010-08-30 12:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 19:57 . 2010-08-30 12:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-08-30 12:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-15 106496]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-15 16855552]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-01-03 184864]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Jeff McReynolds\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-12-24 221247]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-04 22:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/30/2010 7:16 AM 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/30/2010 7:16 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/30/2010 7:16 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/30/2010 7:17 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/30/2010 7:16 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/30/2010 7:16 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/30/2010 7:16 AM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/30/2010 7:16 AM 88544]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [11/9/2008 4:27 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [11/9/2008 4:27 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:05 AM 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/30/2010 7:16 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/30/2010 7:16 AM 84264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:05]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:05]

2010-10-29 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 20:28]

2010-10-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
Trusted Zone: mcafee.com
TCP: {7EB23E46-42A0-4468-BB31-54429FE8C622} = 8.8.8.8,4.2.2.1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-Mozilla Firefox (3.0.15) - g:\system\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\uninstall\helper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 16:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: NVIDIA__ rev. -> \Device\Ide\IdePort0

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AB68446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ab6e504]; MOV EAX, [0x8ab6e580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ABCCAB8]
3 CLASSPNP[0xBA0C8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8ABD7318]
\Driver\nvrd32[0x8ACCCD40] -> IRP_MJ_CREATE -> 0x8AB68446
error: Read The system cannot find the file specified.
kernel: MBR read successfully
detected hooks:
\Device\00000069 -> \??\SCSI#Disk____NVIDIA__MIRROR___465.76G#1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
user & kernel MBR OK
Warning: possible TDL4 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(1176)
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-29 16:13:15
ComboFix-quarantined-files.txt 2010-10-29 21:13

Pre-Run: 452,847,792,128 bytes free
Post-Run: 453,170,327,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A6CA166E506E85E71622ADFEFC979400

Attached Files


  • 0

#6
Essexboy
Posted 29 October 2010 - 03:31 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run can you let me know of any remaining problems


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#7
jeff62
Posted 29 October 2010 - 03:53 PM

jeff62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
2010/10/29 16:44:27.0640 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/29 16:44:27.0640 ================================================================================
2010/10/29 16:44:27.0640 SystemInfo:
2010/10/29 16:44:27.0640
2010/10/29 16:44:27.0640 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/29 16:44:27.0640 Product type: Workstation
2010/10/29 16:44:27.0640 ComputerName: D1FC4PH1
2010/10/29 16:44:27.0640 UserName: Jeff McReynolds
2010/10/29 16:44:27.0640 Windows directory: C:\WINDOWS
2010/10/29 16:44:27.0640 System windows directory: C:\WINDOWS
2010/10/29 16:44:27.0640 Processor architecture: Intel x86
2010/10/29 16:44:27.0640 Number of processors: 2
2010/10/29 16:44:27.0640 Page size: 0x1000
2010/10/29 16:44:27.0640 Boot type: Normal boot
2010/10/29 16:44:27.0640 ================================================================================
2010/10/29 16:44:27.0859 Initialize success
2010/10/29 16:44:43.0375 ================================================================================
2010/10/29 16:44:43.0375 Scan started
2010/10/29 16:44:43.0375 Mode: Manual;
2010/10/29 16:44:43.0375 ================================================================================
2010/10/29 16:44:44.0515 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/29 16:44:44.0562 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/29 16:44:44.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/29 16:44:44.0687 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/29 16:44:44.0734 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/29 16:44:44.0843 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/29 16:44:44.0906 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/29 16:44:44.0906 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/29 16:44:44.0921 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/29 16:44:44.0937 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/29 16:44:44.0968 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/29 16:44:45.0046 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/29 16:44:45.0078 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/29 16:44:45.0093 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/29 16:44:45.0125 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/29 16:44:45.0140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/29 16:44:45.0156 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/29 16:44:45.0203 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/29 16:44:45.0250 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/29 16:44:45.0296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/29 16:44:45.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/29 16:44:45.0453 ati2mtag (32983412e7d9c783f7fdcfd5146784af) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/29 16:44:45.0531 AtiHdmiService (41c8f0eda10da14378d304c20ba6e558) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/10/29 16:44:45.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/29 16:44:45.0593 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/29 16:44:45.0640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/29 16:44:45.0796 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/29 16:44:45.0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/29 16:44:45.0812 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/29 16:44:45.0843 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/29 16:44:45.0859 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/29 16:44:45.0906 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/29 16:44:45.0937 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys
2010/10/29 16:44:45.0984 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/29 16:44:46.0031 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/29 16:44:46.0046 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/29 16:44:46.0062 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/29 16:44:46.0078 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/29 16:44:46.0093 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/29 16:44:46.0140 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/29 16:44:46.0156 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/29 16:44:46.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/29 16:44:46.0203 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/29 16:44:46.0234 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/29 16:44:46.0234 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/29 16:44:46.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/29 16:44:46.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/29 16:44:46.0312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/29 16:44:46.0343 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/29 16:44:46.0359 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/29 16:44:46.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/29 16:44:46.0375 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/29 16:44:46.0390 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/29 16:44:46.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/29 16:44:46.0468 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/10/29 16:44:46.0500 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/29 16:44:46.0546 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/29 16:44:46.0625 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/29 16:44:46.0656 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/29 16:44:46.0671 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/29 16:44:46.0687 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/29 16:44:46.0718 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/29 16:44:46.0859 IntcAzAudAddService (eb5608fd4f2961517ac9f5cac88b023b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/29 16:44:47.0062 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/29 16:44:47.0125 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/29 16:44:47.0140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/29 16:44:47.0187 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/29 16:44:47.0234 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/29 16:44:47.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/29 16:44:47.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/29 16:44:47.0359 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/29 16:44:47.0390 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/29 16:44:47.0406 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/29 16:44:47.0437 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/29 16:44:47.0484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/29 16:44:47.0531 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/29 16:44:47.0640 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2010/10/29 16:44:47.0765 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/10/29 16:44:47.0828 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/10/29 16:44:47.0890 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/10/29 16:44:47.0937 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/10/29 16:44:47.0953 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/10/29 16:44:47.0984 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/29 16:44:48.0015 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/29 16:44:48.0031 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/10/29 16:44:48.0062 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/10/29 16:44:48.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/29 16:44:48.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/29 16:44:48.0140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/29 16:44:48.0156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/29 16:44:48.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/29 16:44:48.0218 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/29 16:44:48.0250 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/29 16:44:48.0312 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/29 16:44:48.0328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/29 16:44:48.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/29 16:44:48.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/29 16:44:48.0453 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/29 16:44:48.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/29 16:44:48.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/29 16:44:48.0500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/29 16:44:48.0515 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/29 16:44:48.0531 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/29 16:44:48.0562 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/29 16:44:48.0593 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/29 16:44:48.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/29 16:44:48.0625 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/29 16:44:48.0671 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/29 16:44:48.0703 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/29 16:44:48.0812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/29 16:44:48.0843 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/29 16:44:48.0875 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/10/29 16:44:48.0875 nvgts (a0b3f3a5049931657164f0ffcf0b208e) C:\WINDOWS\system32\drivers\nvgts.sys
2010/10/29 16:44:48.0906 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/10/29 16:44:48.0953 NVR0Dev (812f257ed1cd53fcb1f9f9cc910f4809) C:\WINDOWS\nvoclock.sys
2010/10/29 16:44:48.0984 nvrd32 (c9128fe14e5c1e55710781b5c276f2ed) C:\WINDOWS\system32\drivers\nvrd32.sys
2010/10/29 16:44:49.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/29 16:44:49.0031 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/29 16:44:49.0046 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/29 16:44:49.0062 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/29 16:44:49.0109 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/29 16:44:49.0125 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/29 16:44:49.0171 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/29 16:44:49.0187 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/29 16:44:49.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/29 16:44:49.0265 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/29 16:44:49.0281 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/29 16:44:49.0343 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\WINDOWS\system32\DRIVERS\pmxmouse.sys
2010/10/29 16:44:49.0375 pmxusblf (1971e853b598bf9baabff2b652e5cd4d) C:\WINDOWS\system32\DRIVERS\pmxusblf.sys
2010/10/29 16:44:49.0406 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/29 16:44:49.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/29 16:44:49.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/29 16:44:49.0500 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/29 16:44:49.0515 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/29 16:44:49.0531 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/29 16:44:49.0531 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/29 16:44:49.0546 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/29 16:44:49.0562 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/29 16:44:49.0593 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/29 16:44:49.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/29 16:44:49.0656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/29 16:44:49.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/29 16:44:49.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/29 16:44:49.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/29 16:44:49.0796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/29 16:44:49.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/29 16:44:49.0875 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/29 16:44:49.0921 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/29 16:44:49.0953 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/29 16:44:49.0984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/29 16:44:50.0000 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/29 16:44:50.0031 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/29 16:44:50.0078 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/29 16:44:50.0109 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/29 16:44:50.0156 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/29 16:44:50.0187 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/29 16:44:50.0203 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/29 16:44:50.0234 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/29 16:44:50.0250 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/29 16:44:50.0281 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/29 16:44:50.0281 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/29 16:44:50.0312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/29 16:44:50.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/29 16:44:50.0406 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/29 16:44:50.0437 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/29 16:44:50.0437 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/29 16:44:50.0468 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/29 16:44:50.0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/29 16:44:50.0531 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/29 16:44:50.0546 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/29 16:44:50.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/29 16:44:50.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/29 16:44:50.0640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/29 16:44:50.0671 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/29 16:44:50.0750 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/29 16:44:50.0828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/29 16:44:50.0906 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/29 16:44:50.0937 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/29 16:44:50.0968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/29 16:44:50.0984 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/29 16:44:51.0000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/29 16:44:51.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/29 16:44:51.0062 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/29 16:44:51.0093 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/29 16:44:51.0171 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/29 16:44:51.0203 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/29 16:44:51.0250 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/29 16:44:51.0265 ================================================================================
2010/10/29 16:44:51.0265 Scan finished
2010/10/29 16:44:51.0265 ================================================================================
2010/10/29 16:44:51.0265 Detected object count: 1
2010/10/29 16:45:16.0812 \HardDisk0\MBR - will be cured after reboot
2010/10/29 16:45:16.0812 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/29 16:46:23.0156 Deinitialize success
  • 0

#8
Essexboy
Posted 29 October 2010 - 03:55 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That got it - What problems are you experiencing now ?
  • 0

#9
jeff62
Posted 29 October 2010 - 04:00 PM

jeff62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Seems normal! Although it would sometimes seem normal for 10-20 minutes after booting up before things started to happen. I'll give it a little time and post again.
  • 0

#10
Essexboy
Posted 29 October 2010 - 04:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 22.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u22-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u22-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
  • 0

Advertisements

#11
jeff62
Posted 29 October 2010 - 04:25 PM

jeff62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks so much! You are a gentleman and a scholar. If I was a girl I'd want to have your babies.

I have to get to work; I'll take care of cleanup when the weekend is over. And if everything is still working great after that, I'll be glad to make a donation. You rock!
  • 0

#12
Essexboy
Posted 30 October 2010 - 04:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thankee - but I will only take you up if you are young, blonde and nubile :D

I will remain open until you are happy
  • 0

#13
jeff62
Posted 01 November 2010 - 02:05 PM

jeff62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi.

I've been using this thing all day, did the cleanup and downloaded the programs you recommended. Everything seems to be utterly normal except for one thing. When I was setting up spyware blaster I noticed it had a setting for firefox. I don't have that on my C drive but I do have it on a flash drive that I use very occasionally. So I plugged in the flash drive, which has a number of U3 programs and a lauch feature that makes them accessible, spyware blaster would detect it and let me protect that browser too. However,it will no longer launch. I have access to all my files on the flash drive; I just can't launch any of my software.

Maybe that has something to do with the settings on my new malware programs? This is getting slightly out of context so if you'd rather not comment or deal with it that's OK. I've got the rest of my machine back, and for that I am most grateful.
  • 0

#14
Essexboy
Posted 01 November 2010 - 02:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Disable the firefox protection in spywareblaster and see if that resolves the problem. As you use FF rarely then it should not be a problem. If that does not resolve it we will look at another solution
  • 0

#15
jeff62
Posted 01 November 2010 - 02:56 PM

jeff62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It isn't enabled; it says "not detected". That's why I tried to open it from the flash drive; I thought I might need to have it running so it could be detected. But it doesn't open.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP