Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Critical Error

Started by jcmrgc , Dec 28 2010 12:49 PM

  • Please log in to reply

#1
jcmrgc
Posted 28 December 2010 - 12:49 PM

jcmrgc

    Member

  • Member
  • PipPip
  • 19 posts
OTL logfile created on: 12/28/2010 1:38:29 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\James Cavanagh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.91 Gb Total Space | 118.93 Gb Free Space | 83.22% Space Free | Partition Type: NTFS

Computer Name: CAVANAGH | User Name: James Cavanagh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 13:37:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Cavanagh\My Documents\Downloads\OTL.exe
PRC - [2010/12/28 08:19:36 | 000,462,848 | ---- | M] (msql software) -- C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe
PRC - [2010/12/11 16:39:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/24 10:55:30 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 10:54:28 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/02 07:59:34 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/03 21:21:29 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/03 21:21:27 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/03 21:20:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 08:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 08:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/10/08 18:04:37 | 001,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/07/09 22:03:06 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/07/03 13:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/06/07 11:14:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
PRC - [2007/05/11 03:06:32 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/05/09 10:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 13:37:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Cavanagh\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/03 21:20:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007/11/15 08:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/08 18:04:37 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - [2010/08/03 21:22:24 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/03 21:22:21 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/03 21:22:20 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/29 14:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/05/13 10:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 10:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 10:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/16 20:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 20:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 20:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 15:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 14:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 14:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 14:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/09 22:21:54 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/09 22:03:04 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/07/09 21:58:42 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/09 14:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/09 10:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/03/05 03:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071009
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071009

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071009
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.010.006.004
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 14:16:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/10/30 17:38:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/19 11:14:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 12:30:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 16:39:09 | 000,000,000 | ---D | M]

[2010/07/17 22:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Cavanagh\Application Data\Mozilla\Extensions
[2010/08/19 13:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Cavanagh\Application Data\Mozilla\Firefox\Profiles\00athk2k.default\extensions
[2010/07/17 22:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [%PROVIDERID%] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [n6VFindlr7A6R] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n6VFindlr7A6R.exe File not found
O4 - HKCU..\Run: [oUrVPuPddVDgXoF.exe] C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe (msql software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1280887745296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a0efb01-9f67-11df-83f4-001d6051faf2}\Shell\AutoRun\command - "" = p6xebrnt.exe
O33 - MountPoints2\{6a0efb01-9f67-11df-83f4-001d6051faf2}\Shell\open\Command - "" = p6xebrnt.exe
O33 - MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\Shell - "" = AutoRun
O33 - MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 12:23:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/12/28 08:19:41 | 000,416,256 | ---- | C] (Point Corp) -- C:\Documents and Settings\All Users\Application Data\BNdRTrSltpJBLqS.dll
[2010/12/28 08:19:39 | 000,462,848 | ---- | C] (msql software) -- C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe
[2010/12/23 22:12:25 | 000,398,744 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2006/12/20 17:08:24 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/12/20 17:06:58 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/12/20 17:01:04 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/12/20 16:59:24 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/12/20 16:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
[2006/12/20 16:55:40 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/12/20 16:54:54 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/12/20 16:54:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/12/20 16:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
[2006/12/20 16:46:50 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/12/20 16:42:36 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 13:34:46 | 000,416,256 | ---- | M] (Point Corp) -- C:\Documents and Settings\All Users\Application Data\BNdRTrSltpJBLqS.dll
[2010/12/28 13:34:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/28 13:34:06 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 13:34:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/28 09:51:05 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/28 09:49:55 | 069,431,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/28 08:43:52 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6R
[2010/12/28 08:43:51 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6Rr
[2010/12/28 08:43:50 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\James Cavanagh\Desktop\Full Scan.lnk
[2010/12/28 08:43:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James Cavanagh\Local Settings\Application Data\prvlcl.dat
[2010/12/28 08:43:21 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\n6VFindlr7A6R
[2010/12/28 08:19:36 | 000,462,848 | ---- | M] (msql software) -- C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe
[2010/12/23 22:12:25 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/12/19 22:09:24 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/16 13:35:32 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 19:34:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/28 08:43:51 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6R
[2010/12/28 08:43:51 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6Rr
[2010/12/28 08:43:49 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\James Cavanagh\Desktop\Full Scan.lnk
[2010/12/28 08:43:21 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\n6VFindlr7A6R
[2010/09/10 14:55:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\James Cavanagh\Application Data\$_hpcst$.hpc
[2010/08/25 22:52:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Cavanagh\Local Settings\Application Data\prvlcl.dat
[2010/08/19 11:05:57 | 000,001,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/18 15:23:55 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\James Cavanagh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/08 18:14:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/08 18:01:50 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/10/08 17:57:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/08 17:50:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/10/08 17:50:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/10/08 17:24:30 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/10/08 17:24:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/10/08 17:24:27 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/10/08 17:23:09 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/07 12:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
[2007/01/26 07:11:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2007/01/26 07:11:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2007/01/26 07:09:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2007/01/26 06:59:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2007/01/26 06:58:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2007/01/26 06:57:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2007/01/26 06:57:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2007/01/26 06:53:46 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2007/01/22 02:24:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/04/01 11:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/10/02 11:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/08/03 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/08/03 21:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/08/19 11:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2010/09/05 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/10 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Cavanagh\Application Data\Samsung

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 29 December 2010 - 10:38 AM

RKinner

    Malware Expert

  • Expert
  • 24,444 posts
  • MVP
Copy the text in the code box below by highlighting and then Ctrl + c :

:OTL
PRC - [2010/12/28 08:19:36 | 000,462,848 | ---- | M] (msql software) -- C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [%PROVIDERID%] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [n6VFindlr7A6R] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n6VFindlr7A6R.exe File not found
O4 - HKCU..\Run: [oUrVPuPddVDgXoF.exe] C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe (msql software)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{6a0efb01-9f67-11df-83f4-001d6051faf2}\Shell\AutoRun\command - "" = p6xebrnt.exe
O33 - MountPoints2\{6a0efb01-9f67-11df-83f4-001d6051faf2}\Shell\open\Command - "" = p6xebrnt.exe
O33 - MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\Shell - "" = AutoRun
O33 - MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
[2010/12/28 08:43:52 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6R
[2010/12/28 08:43:51 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6Rr
[2010/12/28 08:43:50 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\James Cavanagh\Desktop\Full Scan.lnk
[2010/12/28 08:43:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James Cavanagh\Local Settings\Application Data\prvlcl.dat
[2010/12/28 08:43:21 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\n6VFindlr7A6R
[2010/12/28 08:19:36 | 000,462,848 | ---- | M] (msql software) -- C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe

:FILES
C:\Documents and Settings\All Users\Application Data\BNdRTrSltpJBLqS.dll
C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe
C:\WINDOWS\Tasks\At*.job


:Commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]

Run OTL then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and past the log it creates into a Reply.



Turn off or Pause your Antivirus.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

http://subs.geekstogo.com/ComboFix.exe
http://download.blee...Bs/ComboFix.exe
http://www.infospywa...alware/combofix


==================================


Double click on george.exe & follow the prompts. Allow it to install the Recovery Console. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image Please download Malwarebytes' Anti-Malware from http://www.malwareby...am-download.php

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run OTL.
In the Extra Registry group, Select the Use SafeList option. In the File Scans areas set the File Age to 90 Days.
Press the Run Scan button.

You will receive two logs. Please post (copy and paste do not attach) them both.

Ron
  • 0

#3
jcmrgc
Posted 29 December 2010 - 12:39 PM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
All processes killed
========== OTL ==========
No active process named oUrVPuPddVDgXoF.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Program Files\Dell\BAE\BAE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\%PROVIDERID% deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\n6VFindlr7A6R not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\oUrVPuPddVDgXoF.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a0efb01-9f67-11df-83f4-001d6051faf2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a0efb01-9f67-11df-83f4-001d6051faf2}\ not found.
File p6xebrnt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a0efb01-9f67-11df-83f4-001d6051faf2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a0efb01-9f67-11df-83f4-001d6051faf2}\ not found.
File p6xebrnt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79754cd7-b3c6-11df-8412-001d6051faf2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79754cd7-b3c6-11df-8412-001d6051faf2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79754cd7-b3c6-11df-8412-001d6051faf2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79754cd7-b3c6-11df-8412-001d6051faf2}\ not found.
File E:\LaunchU3.exe not found.
File C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6R not found.
File C:\Documents and Settings\All Users\Application Data\~n6VFindlr7A6Rr not found.
File C:\Documents and Settings\James Cavanagh\Desktop\Full Scan.lnk not found.
C:\Documents and Settings\James Cavanagh\Local Settings\Application Data\prvlcl.dat moved successfully.
File C:\Documents and Settings\All Users\Application Data\n6VFindlr7A6R not found.
File C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe not found.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\BNdRTrSltpJBLqS.dll moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe not found.
File\Folder C:\WINDOWS\Tasks\At*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3640502 bytes
->Temporary Internet Files folder emptied: 1449139 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: James Cavanagh
->Temp folder emptied: 229646 bytes
->Temporary Internet Files folder emptied: 6010231 bytes
->FireFox cache emptied: 54568094 bytes
->Flash cache emptied: 714 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44584 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.18.0 log created on 12292010_132613

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#4
jcmrgc
Posted 29 December 2010 - 01:50 PM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi, I am having a hard time removing AVG and ComboFix will not run while it's still in the system. I tried uninstall, removing it from regedit and rebooting but it must still be resident somewhere. please advise how to remove AVG so that combofix can run. Thanks a lot.
  • 0

#5
RKinner
Posted 29 December 2010 - 02:59 PM

RKinner

    Malware Expert

  • Expert
  • 24,444 posts
  • MVP
Run the AVG removal tool:

http://download.avg....6_2011_1165.exe

Then try combofix - perhaps in Safe Mode with Networking.

Ron
  • 0

#6
jcmrgc
Posted 29 December 2010 - 07:49 PM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
hey Ron, I ran AVG removal program. first in normal startup then in safe mode and tried running combofix in normal and in safemode. both times a warning comes up saying AVG scanner is still present and that files and possibly the machine will be harmed if combofix continues with run. I exited out both times. Fearing that machine will disintegrate before my very eyes...lol... the message made it sound that way. should i let combofix run anyway? or proceed with the other steps without running combofix. or maybe reinstall avg then run the remover since I had deleted some files maybe that has affected the removal process? Thanks Ron.
  • 0

#7
RKinner
Posted 29 December 2010 - 08:05 PM

RKinner

    Malware Expert

  • Expert
  • 24,444 posts
  • MVP
Go ahead and run Combofix. All that will happen if AVG is really running is that it might not work or take twice as long. If Combofix won't run then go on to the other steps.

Ron
  • 0

#8
jcmrgc
Posted 31 December 2010 - 11:22 AM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here's combofix report:

ComboFix 10-12-30.03 - James Cavanagh 12/31/2010 12:03:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2033 [GMT -5:00]
Running from: c:\documents and settings\James Cavanagh\My Documents\Downloads\george.exe.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
.

2010-12-29 18:26 . 2010-12-29 18:26 -------- d-----w- C:\_OTL
2010-12-28 17:34 . 2010-12-28 17:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-12-28 17:30 . 2010-12-28 17:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-12-28 17:25 . 2010-12-28 17:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-24 03:12 . 2010-12-24 03:12 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-12-14 23:42 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:41 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-08-04 02:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-04 02:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-11 22:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-11 22:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-11 22:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-11 22:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-11 22:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-08 1862144]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-8 50688]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^James Cavanagh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\James Cavanagh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/3/2010 9:04 PM 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/3/2010 9:04 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 7:40 PM 136176]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [9/10/2010 2:55 PM 90240]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [9/10/2010 2:55 PM 14976]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [9/10/2010 2:55 PM 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 00:40]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 00:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071009
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\James Cavanagh\Application Data\Mozilla\Firefox\Profiles\00athk2k.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c58ced2&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-31 12:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-31 12:15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-31 17:15

Pre-Run: 129,221,242,880 bytes free
Post-Run: 129,092,911,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D3A732A0F2403F74D6380E0475BD7036
  • 0

#9
jcmrgc
Posted 31 December 2010 - 11:27 AM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here's mbam report

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5408

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/31/2010 12:25:38 PM
mbam-log-2010-12-31 (12-25-38).txt

Scan type: Quick scan
Objects scanned: 153928
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
jcmrgc
Posted 31 December 2010 - 11:46 AM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
here's OTL log.
OTL logfile created on: 12/31/2010 12:29:20 PM - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\James Cavanagh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.91 Gb Total Space | 120.26 Gb Free Space | 84.15% Space Free | Partition Type: NTFS

Computer Name: CAVANAGH | User Name: James Cavanagh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\James Cavanagh\My Documents\Downloads\OTL(4).exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\James Cavanagh\My Documents\Downloads\OTL(4).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\george.exe\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DXEC02) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071009
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071009

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/19 11:14:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 12:30:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 16:39:09 | 000,000,000 | ---D | M]

[2010/07/17 22:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Cavanagh\Application Data\Mozilla\Extensions
[2010/08/19 13:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Cavanagh\Application Data\Mozilla\Firefox\Profiles\00athk2k.default\extensions
[2010/07/17 22:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/12/31 12:10:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1280887745296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/12/31 12:28:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/31 12:02:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/29 20:40:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/29 20:40:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/29 20:40:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/29 20:40:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/29 20:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/29 13:41:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 13:26:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/28 12:23:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/12/23 22:12:25 | 000,398,744 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/12/14 18:42:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 18:41:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/11/18 13:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/13 12:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\dl_Cats
[2010/11/13 12:11:54 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010/11/13 12:11:32 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2010/11/13 12:11:32 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010/11/13 12:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Cavanagh\My Documents\Dolores
[2010/10/30 19:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/30 17:59:34 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/10/17 10:29:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/10/14 15:59:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 15:59:36 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 15:59:35 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 15:59:12 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/09 08:33:32 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2006/12/20 17:08:24 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/12/20 17:06:58 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/12/20 17:01:04 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/12/20 16:59:24 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/12/20 16:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
[2006/12/20 16:55:40 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/12/20 16:54:54 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/12/20 16:54:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/12/20 16:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
[2006/12/20 16:46:50 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/12/20 16:42:36 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll

========== Files - Modified Within 90 Days ==========

[2010/12/31 12:10:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/31 12:10:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/31 12:10:22 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/31 12:10:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 12:02:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/30 21:58:06 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/30 08:39:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/29 11:34:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/23 22:12:25 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 13:35:32 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 19:35:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/15 00:09:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/10 19:06:10 | 000,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/10 19:06:10 | 000,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/05 19:34:12 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/11/05 19:34:12 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/11/05 19:34:12 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/11/05 19:34:12 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/11/05 19:34:12 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/11/05 19:34:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/11/05 19:34:12 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/11/05 19:34:12 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/11/05 19:34:12 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/11/05 19:34:12 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/11/05 19:34:12 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/11/05 19:34:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/11/05 19:34:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/11/05 19:34:11 | 006,075,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/11/05 19:34:11 | 003,604,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/11/05 19:34:11 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/11/05 19:34:11 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/11/05 19:34:11 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/11/05 19:34:11 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/11/05 19:34:11 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/11/05 19:34:11 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/11/05 19:34:11 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/11/05 19:34:11 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/11/05 19:34:11 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/11/05 19:34:11 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/11/05 19:34:11 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/11/05 19:34:11 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/11/05 19:34:11 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/11/05 19:34:11 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/11/05 19:34:11 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/11/05 19:34:11 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/11/05 19:34:11 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/11/05 19:34:11 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/11/05 19:34:11 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/11/05 19:34:11 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/11/05 19:34:11 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/11/05 19:34:11 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/11/05 19:34:11 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/11/05 19:34:11 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/11/05 19:34:11 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/11/05 19:34:11 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/11/05 19:34:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/11/05 19:34:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/11/05 19:34:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/11/05 19:34:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/11/05 19:34:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/11/05 19:34:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/11/03 07:25:53 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/11/03 07:24:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/11/03 07:24:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/11/03 07:24:55 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/11/03 07:24:55 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/10/30 18:22:57 | 000,056,708 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/30 17:57:56 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/28 08:13:22 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/10/28 08:13:22 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/10/18 06:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/10/18 06:06:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2010/10/18 06:06:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2010/10/11 09:59:30 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/10/09 08:54:36 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/09 08:43:28 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\James Cavanagh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/12/31 12:02:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/31 12:02:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/29 20:40:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/29 20:40:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/29 20:40:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/29 20:40:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/29 20:40:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/15 00:09:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/30 18:22:57 | 000,056,708 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/30 17:57:56 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/09 08:54:36 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/10 14:55:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\James Cavanagh\Application Data\$_hpcst$.hpc
[2010/08/19 11:05:57 | 000,001,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/18 15:23:55 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\James Cavanagh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/08 18:14:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/08 18:01:50 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/10/08 17:57:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/08 17:50:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/10/08 17:50:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/10/08 17:24:30 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/10/08 17:24:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/10/08 17:24:27 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/10/08 17:23:09 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/07 12:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
[2007/01/26 07:11:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2007/01/26 07:11:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2007/01/26 07:09:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2007/01/26 06:59:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2007/01/26 06:58:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2007/01/26 06:57:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2007/01/26 06:57:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2007/01/26 06:53:46 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2007/01/22 02:24:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/04/01 11:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >



SECOND OTL

OTL Extras logfile created on: 12/31/2010 12:29:20 PM - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\James Cavanagh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.91 Gb Total Space | 120.26 Gb Free Space | 84.15% Space Free | Partition Type: NTFS

Computer Name: CAVANAGH | User Name: James Cavanagh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dlcccoms.exe" = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.02.01.0612)
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2010 9:55:36 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/28/2010 9:41:17 AM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/28/2010 9:43:55 AM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application quickset.exe, version 8.3.10.0, faulting module
quickset.exe, version 8.3.10.0, fault address 0x000165d7.

Error - 12/28/2010 2:56:22 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/28/2010 3:23:40 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/29/2010 12:58:29 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/29/2010 2:02:16 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/29/2010 3:30:14 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/29/2010 11:47:19 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/31/2010 12:39:21 PM | Computer Name = CAVANAGH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 12/29/2010 9:08:46 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/29/2010 9:10:01 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/29/2010 9:27:51 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/29/2010 9:28:35 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/29/2010 9:29:02 PM | Computer Name = CAVANAGH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Fips intelppm

Error - 12/29/2010 9:37:00 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/29/2010 9:38:19 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2010 9:39:06 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/29/2010 9:40:25 PM | Computer Name = CAVANAGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/31/2010 1:03:46 PM | Computer Name = CAVANAGH | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0

#11
RKinner
Posted 31 December 2010 - 12:12 PM

RKinner

    Malware Expert

  • Expert
  • 24,444 posts
  • MVP
AVG is not running but WMI is still reporting it. We can fix that with Combofix:

Copy the text in the code box below by highlighting and then Ctrl + c :

KILLALL::

SecCenter:: 
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Folder::
c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
C:\$AVG

Run OTL then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and past the log it creates into a Reply.

Close all browsers then
Uninstall J2SE Runtime Environment 5.0 Update 6

Then get the latest Java from:
http://javadl.sun.co...?BundleId=44457

Download and Save it to your desktop. Close all browsers and run it. Uncheck any free offers of Yahoo Toolbar or the like.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Download, Save to your desktop and run mbr.exe:
http://www2.gmer.net/mbr/mbr.exe
It will create a log. Please, open, copy and paste.

Install the free Avast:
http://www.avast.com...ivirus-download

You can allow it to do a boot-time scan if you want. It will take several hours and you may need to check back with it once in a while to see if it needs input from you.

How is your PC running now?
  • 0

#12
jcmrgc
Posted 03 January 2011 - 07:22 PM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey Ron, Happy New Year. The computer is running much faster. You are a genius. :D Here's the MBR report

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9E4D000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E2D000 fltmgr.sys
0xB9E1B000 sr.sys
0xB9E04000 KSecDD.sys
0xB9D77000 Ntfs.sys
0xB9D4A000 NDIS.sys
0xBA0F8000 ohci1394.sys
0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D30000 Mup.sys
0xBA188000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA308000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB935A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9346000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9322000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB92FA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9266000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA138000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB9252000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA148000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB923E000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB91ED000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xBA158000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB91BB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA168000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA178000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA198000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9198000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9CF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9CF4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA6B5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9181000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9170000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA408000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9140000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5DA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB901A000 \SystemRoot\system32\DRIVERS\update.sys
0xB98DC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA228000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA8DD4000 \SystemRoot\system32\drivers\sthda.sys
0xA8DB0000 \SystemRoot\system32\drivers\portcls.sys
0xBA238000 \SystemRoot\system32\drivers\drmk.sys
0xA8D96000 \SystemRoot\system32\drivers\dxec02.sys
0xA8D62000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA8C70000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA8BBD000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA410000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA598000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6B6000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA420000 \SystemRoot\System32\drivers\vga.sys
0xBA5EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA428000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA430000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA5A0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8B62000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8B09000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8AE1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8ABF000 \SystemRoot\System32\drivers\afd.sys
0xBA248000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8A94000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA89FC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA268000 \SystemRoot\System32\Drivers\Fips.SYS
0xA89D6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA438000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA899C000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0xBA5F4000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA298000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA8EFA000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA318000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA895C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA620000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8A88000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA458000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7ED000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
0xA88B8000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA8858000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8547000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5F6000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA83CA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA85F4000 \SystemRoot\system32\drivers\sysaudio.sys
0xA84D7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA818C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7AE3000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7D34000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA73D5000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 57):
0 System Idle Process
4 System
804 C:\WINDOWS\system32\smss.exe
872 csrss.exe
896 C:\WINDOWS\system32\winlogon.exe
940 C:\WINDOWS\system32\services.exe
952 C:\WINDOWS\system32\lsass.exe
1120 C:\WINDOWS\system32\svchost.exe
1188 svchost.exe
1228 C:\WINDOWS\system32\svchost.exe
1348 svchost.exe
1376 svchost.exe
1572 C:\WINDOWS\system32\WLTRYSVC.EXE
1588 C:\WINDOWS\system32\BCMWLTRY.EXE
1640 C:\WINDOWS\system32\spoolsv.exe
1748 svchost.exe
1784 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1804 C:\Program Files\Bonjour\mDNSResponder.exe
1836 C:\WINDOWS\system32\dlcccoms.exe
1936 C:\WINDOWS\system32\svchost.exe
236 C:\WINDOWS\system32\svchost.exe
380 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
520 C:\WINDOWS\system32\svchost.exe
528 C:\WINDOWS\explorer.exe
544 C:\WINDOWS\system32\svchost.exe
716 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
728 C:\WINDOWS\system32\svchost.exe
824 wdfmgr.exe
2324 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2348 C:\WINDOWS\system32\hkcmd.exe
2360 C:\WINDOWS\system32\igfxpers.exe
2384 C:\WINDOWS\OEM02Mon.exe
2404 C:\WINDOWS\system32\igfxsrvc.exe
2460 C:\Program Files\Dell\QuickSet\quickset.exe
2744 C:\WINDOWS\system32\WLTRAY.EXE
2784 C:\WINDOWS\stsystra.exe
2828 C:\WINDOWS\system32\KADxMain.exe
3148 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3172 wmiprvse.exe
3248 alg.exe
3272 C:\Program Files\Dell\MediaDirect\PCMService.exe
3508 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3548 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3584 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3608 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3700 C:\Program Files\iTunes\iTunesHelper.exe
3748 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3796 C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
3828 C:\Program Files\DellSupport\DSAgnt.exe
3872 C:\WINDOWS\system32\ctfmon.exe
3900 C:\Program Files\Digital Line Detect\DLG.exe
4012 C:\Program Files\iPod\bin\iPodService.exe
2864 C:\WINDOWS\system32\svchost.exe
3852 C:\WINDOWS\system32\msiexec.exe
2192 C:\Program Files\Java\jre6\bin\jqs.exe
2128 C:\Program Files\Mozilla Firefox\firefox.exe
1904 C:\Documents and Settings\James Cavanagh\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL040D

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Thank you Ron. I'll continue with the next step.
  • 0

#13
jcmrgc
Posted 03 January 2011 - 08:29 PM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey Ron.Again
Here's ESET log:

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=f12783991398e3419ed1b0849d8d8101
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-04 02:20:09
# local_time=2011-01-03 09:20:09 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73015
# found=15
# cleaned=15
# scan_time=2744
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0045154.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0046146.exe a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0046165.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0046181.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0046208.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0046234.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0046252.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0046277.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0047277.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0048304.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0048317.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0048340.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP69\A0048358.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12292010_132613\C_Documents and Settings\All Users\Application Data\BNdRTrSltpJBLqS.dll a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12292010_132613\C_Documents and Settings\All Users\Application Data\oUrVPuPddVDgXoF.exe a variant of Win32/Kryptik.JGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#14
jcmrgc
Posted 03 January 2011 - 08:32 PM

jcmrgc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here's MBR.EXE log

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1637GSX rev.DL040D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
  • 0

#15
RKinner
Posted 03 January 2011 - 08:51 PM

RKinner

    Malware Expert

  • Expert
  • 24,444 posts
  • MVP
ESET just found some stuff we had already removed plus some copies in System Restore so that's good. MBR seems happy. Can't say the same for mbrcheck. Seems you have a non-standard mbr. Run mbrcheck again and this time say Y and then choose item 1 to create a dump of the mbr code. You want drive 0 and save it at mbrdumpjcmrgc.txt. Then ATTACH the file to your next reply. Do not copy and paste as it is not really a text file but the forum software is picky about what extensions so we use txt. I will submit it to our resident guru of mbrs who will check it for us. I expect it's OK since you don't seem to have any more problems but better to be safe. Also tell me your PC's make and model.

We need to clean it up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

Since you no longer have an anti-virus I suggest you install the free Avast.
http://www.avast.com...ivirus-download
Probably would not hurt to let it do a boot-time scan tho this may take many hours.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP