
Palladium


  • This topic is locked

#1
patfan4lif

  • Member
It started with a pop-up that said I had a trojan virus and that I needed to install Palladium spyware removal to fix the problem. I could not do anything. No internet access, no "ctrl alt dlt". I have an up-to-date version of McAfee and that would not run. The Palladium pop-up even came while in safe mode. I had no choice but to install the Palladium. Now in order to fix the problem it is telling me I have to purchase the program. But I now have access to the internet and I am able to contact this forum.

Attached Files

  • OTL1.Txt   119.16KB


#2
ali.B

    Trusted Helper

  • Malware Removal
Hi

I'll post the log instead to make it easier for me to analyze it.

OTL logfile created on: 1/4/2011 12:29:08 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\joann.HOMER33.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 10.84 Gb Free Space | 15.28% Space Free | Partition Type: NTFS
Drive D: | 250.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.84 Gb Total Space | 0.31 Gb Free Space | 16.80% Space Free | Partition Type: FAT

Computer Name: BRIAN | User Name: joann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/10/05 15:34:08 | 000,835,584 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
PRC - [2010/10/05 15:33:44 | 000,163,840 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Media Manager\Release\VZVideoAgent.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/06/01 06:47:49 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/09/17 17:31:26 | 000,053,248 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/09/17 17:28:16 | 000,090,112 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/31 15:50:40 | 000,041,776 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\skeys.exe -- (SerialKeys)
SRV - [2007/03/20 07:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares Ultra\chatServer.exe -- (AresChatServer)
SRV - [2004/07/01 15:45:46 | 000,421,888 | ---- | M] (Dell) [Disabled | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WscNetDr.sys -- (WscNetDr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\dnxtkfl.sys -- (rgynrdd)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/09/07 11:27:20 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/09/29 00:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2004/08/12 09:07:42 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 09:06:53 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 09:06:53 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 09:06:53 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 09:06:52 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 09:06:16 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 09:03:54 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 09:03:53 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 09:03:53 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 09:00:09 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 08:56:47 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 08:56:06 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 08:55:49 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 08:55:49 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 08:55:47 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 13:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/05/20 00:58:54 | 000,379,456 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 09:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 13:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AE 97 2E 82 41 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF2
FF - HKLM\software\mozilla\Firefox\Extensions\\{57B77092-0906-48E7-B331-8DD09B5FA6BA}: C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\{57B77092-0906-48E7-B331-8DD09B5FA6BA}
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/14 23:52:44 | 000,000,000 | ---D | M]

[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions
[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions\[email protected]
[2010/12/11 22:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions
[2008/04/03 08:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\staged-xpis
[2010/12/11 22:19:45 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\vshare@toolbar
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/07 11:55:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org

O1 HOSTS File: ([2010/08/12 22:44:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101031082050.dll (McAfee, Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1.6 Toolbar) - {3F5F5E47-34A5-408A-B646-D103852199F6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 08:32:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/04 12:27:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/04 12:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/01/03 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\HiJackThis
[2010/12/31 15:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\backups
[2010/12/31 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\System Tool
[2010/12/31 10:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/12/27 19:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dvdcss
[2010/12/26 11:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2010/12/26 11:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\MixVibes
[2010/12/26 11:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MixVibes
[2010/12/18 16:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\New Folder
[2010/12/11 22:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/12/11 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2010/12/10 12:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\My Received Files
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\BearShare
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\BearShare
[2010/12/10 12:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BearShare
[2010/12/10 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/12/10 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/12/10 11:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/12/10 11:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\PackageAware
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/04 12:41:02 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009UA.job
[2011/01/04 12:39:28 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/04 12:22:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/04 12:21:35 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/04 12:19:55 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2011/01/04 12:19:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/04 12:19:37 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/04 11:50:05 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/01/04 11:48:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/01/04 11:39:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011/01/04 10:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/01/04 10:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/01/04 10:39:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2011/01/04 09:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/01/04 09:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/01/04 09:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2011/01/04 08:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/01/04 08:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/01/04 08:39:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2011/01/04 07:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/01/04 07:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/01/04 07:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2011/01/04 06:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/01/04 06:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/01/04 06:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2011/01/04 05:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/01/04 05:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/01/04 05:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2011/01/04 04:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/01/04 04:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/01/04 04:41:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009Core.job
[2011/01/04 04:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2011/01/04 03:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/01/04 03:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/01/04 03:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2011/01/04 02:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/01/04 02:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/01/04 02:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2011/01/04 01:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/01/03 11:58:14 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\start_pal
[2011/01/03 11:57:14 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\completescan_pal
[2011/01/02 20:10:31 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Palladium.lnk
[2011/01/02 20:10:31 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\install_pal
[2011/01/02 09:39:35 | 000,442,368 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\palladium.exe
[2011/01/02 09:39:35 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dgfdgsdf.bat
[2011/01/02 09:39:35 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uid_pal
[2011/01/02 09:39:10 | 000,442,368 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\z.exe
[2011/01/01 15:43:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/31 09:50:20 | 000,022,339 | ---- | M] () -- C:\WINDOWS\phoneh~5.CSV
[2010/12/31 09:47:37 | 000,022,188 | ---- | M] () -- C:\WINDOWS\phoneh~5.bak
[2010/12/29 17:50:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/26 12:57:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 20:33:42 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/17 16:42:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Microsoft Office Word 2007.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/15 03:29:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/12/14 12:43:22 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 12:43:21 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Google Chrome.lnk
[2010/12/10 12:11:23 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/02 21:34:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\start_pal
[2011/01/02 21:32:26 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\completescan_pal
[2011/01/02 20:10:31 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\install_pal
[2011/01/02 20:10:29 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Palladium.lnk
[2011/01/02 09:40:02 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2011/01/02 09:40:02 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2011/01/02 09:40:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2011/01/02 09:40:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2011/01/02 09:39:59 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2011/01/02 09:39:59 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2011/01/02 09:39:59 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2011/01/02 09:39:59 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2011/01/02 09:39:58 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2011/01/02 09:39:58 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2011/01/02 09:39:58 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2011/01/02 09:39:57 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2011/01/02 09:39:57 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2011/01/02 09:39:57 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2011/01/02 09:39:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2011/01/02 09:39:52 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2011/01/02 09:39:52 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2011/01/02 09:39:45 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2011/01/02 09:39:38 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2011/01/02 09:39:37 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2011/01/02 09:39:37 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2011/01/02 09:39:37 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2011/01/02 09:39:37 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2011/01/02 09:39:36 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2011/01/02 09:39:35 | 000,442,368 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\palladium.exe
[2011/01/02 09:39:35 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dgfdgsdf.bat
[2011/01/02 09:39:35 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uid_pal
[2011/01/02 09:39:10 | 000,442,368 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\z.exe
[2010/12/22 20:33:42 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/10 12:11:23 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2010/10/15 02:13:42 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/02 14:29:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 12:58:13 | 000,007,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/09 14:30:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/07/12 08:20:16 | 009,437,238 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ZBWallpaper.bmp
[2007/03/28 18:02:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/02/26 15:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/13 13:38:10 | 000,000,000 | ---- | C] () -- C:\Program Files\secure32.html
[2006/09/13 13:38:10 | 000,000,000 | ---- | C] () -- C:\Program Files\qusqgd.exe
[2006/08/15 08:30:50 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb4418.dat
[2006/08/15 08:16:57 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb1942.dat
[2006/07/23 09:31:34 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2006/07/23 09:31:34 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2006/04/27 12:17:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\rblky.sys
[2006/02/27 21:01:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sys_dll.dll
[2006/01/16 17:30:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/12/04 20:39:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/31 13:02:25 | 000,020,857 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/19 20:26:39 | 000,000,725 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/24 17:29:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/11/22 15:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/22 15:14:53 | 000,002,824 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/22 15:11:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2004/11/22 15:03:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/22 14:59:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/22 14:58:57 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/22 14:58:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/22 14:58:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/22 14:34:44 | 000,000,459 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 09:03:56 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/12 08:58:07 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2004/08/10 14:13:12 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/06 13:23:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/08/06 13:22:12 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/08/06 13:07:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/08/06 13:01:42 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2002/09/17 16:02:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/09/17 16:01:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/09/17 16:00:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/09/17 16:00:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/10/24 18:08:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[1980/01/01 01:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/12/10 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/08/28 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Business Management Systems
[2010/03/15 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CBL-Electronics
[2010/02/14 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/02/10 17:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2005/09/20 18:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2006/05/31 11:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/11/29 00:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\great coal love default
[2005/08/02 17:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/10 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/31 16:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/04/18 09:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2008/03/01 17:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/10/23 09:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/03 16:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/28 18:54:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{24202FD0-3651-4C5E-8793-E1C3251724EF}
[2010/10/07 06:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/17 20:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/10 12:13:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2007/01/13 12:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Aim
[2008/02/18 12:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ares Ultra
[2010/03/15 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CBL-Electronics
[2010/04/22 16:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/29 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CVS
[2010/02/10 16:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\DriverCure
[2010/06/30 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ElevatedDiagnostics
[2008/11/29 00:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\error kind find
[2010/04/13 16:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Facebook
[2007/06/02 12:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\GetRightToGo
[2011/01/03 21:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Image Zone Express
[2007/04/03 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\InterTrust
[2007/05/23 07:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Jasc
[2005/09/06 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Leadertech
[2010/12/26 11:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2009/10/01 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\mjusbsp
[2006/07/23 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MSNInstaller
[2010/02/05 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Musicmatch
[2010/02/11 19:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\PerfectTablePlan
[2010/07/02 22:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Printer Info Cache
[2008/03/01 17:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\TaxCut
[2010/12/18 22:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uTorrent
[2010/12/11 22:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/07/22 05:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ydxa
[2010/07/22 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Zail
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/01/04 09:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/01/04 10:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/01/04 11:48:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/01/04 02:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/01/04 05:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/01/04 02:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/01/04 04:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/01/04 01:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/01/04 12:19:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/01/04 03:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/01/04 06:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/01/04 07:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/01/04 08:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/01/04 09:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/01/04 11:50:05 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/01/04 03:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/01/04 10:50:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/01/04 12:19:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2011/01/04 04:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2011/01/04 02:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2011/01/04 03:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2011/01/04 04:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2011/01/04 05:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2011/01/04 06:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2011/01/04 07:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2011/01/04 09:39:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2011/01/04 10:39:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2011/01/04 11:39:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2011/01/04 05:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/01/04 12:39:28 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2011/01/04 06:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/01/04 12:19:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/01/04 08:39:01 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2011/01/04 07:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/01/04 08:48:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/06/16 11:17:01 | 000,001,134 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/24 15:44:04 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0

< End of report >

#3
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\dnxtkfl.sys -- (rgynrdd)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll File not found
    [2010/12/31 10:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\System Tool
    [2011/01/02 09:39:35 | 000,442,368 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\palladium.exe
    [2011/01/02 09:39:35 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dgfdgsdf.bat
    [2011/01/02 09:39:35 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uid_pal
    [2011/01/02 09:39:10 | 000,442,368 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\z.exe
    [2006/09/13 13:38:10 | 000,000,000 | ---- | C] () -- C:\Program Files\secure32.html
    [2006/09/13 13:38:10 | 000,000,000 | ---- | C] () -- C:\Program Files\qusqgd.exe
    [2006/04/27 12:17:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\rblky.sys
    [2006/02/27 21:01:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sys_dll.dll
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

#4
patfan4lif

    Member

  • Topic Starter
  • 78 posts
All processes killed
========== OTL ==========
Service rgynrdd stopped successfully!
Service rgynrdd deleted successfully!
File C:\WINDOWS\System32\drivers\dnxtkfl.sys not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\System Tool folder moved successfully.
C:\Documents and Settings\joann.HOMER33.000\Application Data\palladium.exe moved successfully.
C:\Documents and Settings\joann.HOMER33.000\Application Data\dgfdgsdf.bat moved successfully.
C:\Documents and Settings\joann.HOMER33.000\Application Data\uid_pal moved successfully.
C:\Documents and Settings\joann.HOMER33.000\Application Data\z.exe moved successfully.
C:\Program Files\secure32.html moved successfully.
C:\Program Files\qusqgd.exe moved successfully.
C:\WINDOWS\rblky.sys moved successfully.
C:\WINDOWS\SYSTEM32\sys_dll.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator.BRIAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 333570 bytes
->Flash cache emptied: 489 bytes

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: joann.HOMER33.000
->Temp folder emptied: 872149 bytes
->Temporary Internet Files folder emptied: 83025389 bytes
->Java cache emptied: 31457087 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 289514259 bytes
->Flash cache emptied: 2209926 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 573693 bytes
->Google Chrome cache emptied: 5837168 bytes
->Flash cache emptied: 6376 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2064819 bytes
->Flash cache emptied: 61043 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 5552657 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1407109 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13715366 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67138 bytes
RecycleBin emptied: 4293514895 bytes

Total Files Cleaned = 4,513.00 mb


[EMPTYFLASH]

User: Administrator.BRIAN
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: joann.HOMER33.000
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01042011_141329

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#5
patfan4lif

    Member

  • Topic Starter
  • 78 posts
I disabled my antivirus and tried ComboFix. The run box appears and I hit the Run button. A small black screen comes up and disappears quickly. I have tried it a few times.

#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

then

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

#7
patfan4lif

    Member

  • Topic Starter
  • 78 posts
I ran the OTL and saved the text to my desktop. I then downloaded and ran Malwarebytes. It came up with three infections; I remember two had the name Palladium in them. It then said they were successfully removed. I tried to open the log file and I got an Access denied message. I then rebooted as instructed and tried opening both the OTL and Malwarebytes log files, and again I got Access denied.

#8
patfan4lif

    Member

  • Topic Starter
  • 78 posts
I tried right clicking the OTL file and I hit Edit. I was able to get the following:


OTL logfile created on: 1/4/2011 3:29:44 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\joann.HOMER33.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 15.24 Gb Free Space | 21.49% Space Free | Partition Type: NTFS
Drive D: | 250.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRIAN | User Name: joann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/10/05 15:34:08 | 000,835,584 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
PRC - [2010/10/05 15:33:44 | 000,163,840 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Media Manager\Release\VZVideoAgent.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/01 06:47:49 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/09/17 17:31:26 | 000,053,248 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/09/17 17:28:16 | 000,090,112 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/31 15:50:40 | 000,041,776 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\skeys.exe -- (SerialKeys)
SRV - [2007/03/20 07:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares Ultra\chatServer.exe -- (AresChatServer)
SRV - [2004/07/01 15:45:46 | 000,421,888 | ---- | M] (Dell) [Disabled | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WscNetDr.sys -- (WscNetDr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/09/07 11:27:20 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/09/29 00:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2004/08/12 09:07:42 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 09:06:53 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 09:06:53 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 09:06:53 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 09:06:52 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 09:06:16 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 09:03:54 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 09:03:53 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 09:03:53 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 09:00:09 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 08:56:47 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 08:56:06 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 08:55:49 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 08:55:49 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 08:55:47 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 13:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/05/20 00:58:54 | 000,379,456 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 09:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 13:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AE 97 2E 82 41 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF2
FF - HKLM\software\mozilla\Firefox\Extensions\\{57B77092-0906-48E7-B331-8DD09B5FA6BA}: C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\{57B77092-0906-48E7-B331-8DD09B5FA6BA}
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/14 23:52:44 | 000,000,000 | ---D | M]

[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions
[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions\[email protected]
[2010/12/11 22:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions
[2008/04/03 08:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\staged-xpis
[2010/12/11 22:19:45 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\vshare@toolbar
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/07 11:55:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org

O1 HOSTS File: ([2011/01/04 14:13:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101031082050.dll (McAfee, Inc.)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1.6 Toolbar) - {3F5F5E47-34A5-408A-B646-D103852199F6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 08:32:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/04 14:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/01/04 14:13:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/04 12:27:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/03 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\HiJackThis
[2010/12/31 15:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\backups
[2010/12/31 10:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/12/27 19:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dvdcss
[2010/12/26 11:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2010/12/26 11:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\MixVibes
[2010/12/26 11:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MixVibes
[2010/12/18 16:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\New Folder
[2010/12/11 22:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/12/11 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2010/12/10 12:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\My Received Files
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\BearShare
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\BearShare
[2010/12/10 12:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BearShare
[2010/12/10 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/12/10 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/12/10 11:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/12/10 11:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\PackageAware

========== Files - Modified Within 30 Days ==========

[2011/01/04 15:32:00 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-PC1EC.exe
[2011/01/04 15:32:00 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-PC1EC.msg
[2011/01/04 15:32:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/04 15:32:00 | 000,000,385 | ---- | M] () -- C:\WINDOWS\is-PC1EC.lst
[2011/01/04 15:22:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/04 14:41:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009UA.job
[2011/01/04 14:37:18 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Shortcut to ComboFix.exe.lnk
[2011/01/04 14:23:00 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/04 14:21:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/04 14:21:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/04 14:13:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/04 12:19:37 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/04 04:41:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009Core.job
[2011/01/03 11:58:14 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\start_pal
[2011/01/03 11:57:14 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\completescan_pal
[2011/01/02 20:10:31 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Palladium.lnk
[2011/01/02 20:10:31 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\install_pal
[2011/01/01 15:43:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/31 09:50:20 | 000,022,339 | ---- | M] () -- C:\WINDOWS\phoneh~5.CSV
[2010/12/31 09:47:37 | 000,022,188 | ---- | M] () -- C:\WINDOWS\phoneh~5.bak
[2010/12/29 17:50:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/26 12:57:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 20:33:42 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 16:42:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Microsoft Office Word 2007.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/15 03:29:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/12/14 12:43:22 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 12:43:21 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Google Chrome.lnk
[2010/12/10 12:11:23 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk

========== Files Created - No Company Name ==========

[2011/01/04 15:32:00 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-PC1EC.exe
[2011/01/04 15:32:00 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-PC1EC.msg
[2011/01/04 15:32:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/04 15:32:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\is-PC1EC.lst
[2011/01/04 14:37:18 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Shortcut to ComboFix.exe.lnk
[2011/01/02 21:34:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\start_pal
[2011/01/02 21:32:26 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\completescan_pal
[2011/01/02 20:10:31 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\install_pal
[2011/01/02 20:10:29 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Palladium.lnk
[2010/12/22 20:33:42 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/10 12:11:23 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2010/10/15 02:13:42 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/02 14:29:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 12:58:13 | 000,007,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/09 14:30:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/07/12 08:20:16 | 009,437,238 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ZBWallpaper.bmp
[2007/03/28 18:02:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/02/26 15:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/15 08:30:50 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb4418.dat
[2006/08/15 08:16:57 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb1942.dat
[2006/07/23 09:31:34 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2006/07/23 09:31:34 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2006/01/16 17:30:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/12/04 20:39:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/31 13:02:25 | 000,020,857 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/19 20:26:39 | 000,000,725 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/24 17:29:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/11/22 15:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/22 15:14:53 | 000,002,824 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/22 15:11:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2004/11/22 15:03:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/22 14:59:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/22 14:58:57 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/22 14:58:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/22 14:58:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/22 14:34:44 | 000,000,459 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 09:03:56 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/12 08:58:07 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2004/08/10 14:13:12 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/06 13:23:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/08/06 13:22:12 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/08/06 13:07:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/08/06 13:01:42 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2002/09/17 16:02:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/09/17 16:01:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/09/17 16:00:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/09/17 16:00:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/10/24 18:08:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[1980/01/01 01:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/12/10 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/08/28 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Business Management Systems
[2010/03/15 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CBL-Electronics
[2010/02/14 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/02/10 17:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2005/09/20 18:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2006/05/31 11:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/11/29 00:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\great coal love default
[2005/08/02 17:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/10 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/31 16:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/04/18 09:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2008/03/01 17:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/10/23 09:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/03 16:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/28 18:54:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{24202FD0-3651-4C5E-8793-E1C3251724EF}
[2010/10/07 06:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/17 20:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/10 12:13:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2007/01/13 12:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Aim
[2008/02/18 12:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ares Ultra
[2010/03/15 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CBL-Electronics
[2010/04/22 16:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/29 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CVS
[2010/02/10 16:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\DriverCure
[2010/06/30 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ElevatedDiagnostics
[2008/11/29 00:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\error kind find
[2010/04/13 16:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Facebook
[2007/06/02 12:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\GetRightToGo
[2011/01/03 21:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Image Zone Express
[2007/04/03 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\InterTrust
[2007/05/23 07:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Jasc
[2005/09/06 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Leadertech
[2010/12/26 11:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2009/10/01 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\mjusbsp
[2006/07/23 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MSNInstaller
[2010/02/05 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Musicmatch
[2010/02/11 19:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\PerfectTablePlan
[2010/07/02 22:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Printer Info Cache
[2008/03/01 17:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\TaxCut
[2010/12/18 22:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uTorrent
[2010/12/11 22:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/07/22 05:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ydxa
[2010/07/22 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Zail
[2010/06/16 11:17:01 | 000,001,134 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/24 15:44:04 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0

< End of report >

#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????⁴???????????????????????
    [2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????⁴???????????????????????
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt


#10
patfan4lif

    Member

  • Topic Starter
  • Member
  • 78 posts
These are what you requested: OTL log - Combofix.txt


OTL logfile created on: 1/5/2011 9:39:04 PM - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\joann.HOMER33.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 15.59 Gb Free Space | 21.97% Space Free | Partition Type: NTFS
Drive D: | 250.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRIAN | User Name: joann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/10/05 15:34:08 | 000,835,584 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
PRC - [2010/10/05 15:33:44 | 000,163,840 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Media Manager\Release\VZVideoAgent.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 14:10:40 | 000,439,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\MSC\McUICnt.exe
PRC - [2010/03/10 13:41:24 | 000,180,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/06/01 06:47:49 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/09/17 17:31:26 | 000,053,248 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
MOD - [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/09/17 17:28:16 | 000,090,112 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\023999~1.EXE -- (0239991294259256mcinstcleanup) McAfee Application Installer Cleanup (0239991294259256)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/31 15:50:40 | 000,041,776 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\skeys.exe -- (SerialKeys)
SRV - [2007/03/20 07:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares Ultra\chatServer.exe -- (AresChatServer)
SRV - [2004/07/01 15:45:46 | 000,421,888 | ---- | M] (Dell) [Disabled | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WscNetDr.sys -- (WscNetDr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/09/07 11:27:20 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/09/29 00:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2004/08/12 09:07:42 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 09:06:53 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 09:06:53 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 09:06:53 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 09:06:52 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 09:06:16 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 09:03:54 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 09:03:53 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 09:03:53 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 09:00:09 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 08:56:47 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 08:56:06 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 08:55:49 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 08:55:49 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 08:55:47 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 13:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/05/20 00:58:54 | 000,379,456 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 09:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 13:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AE 97 2E 82 41 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF2
FF - HKLM\software\mozilla\Firefox\Extensions\\{57B77092-0906-48E7-B331-8DD09B5FA6BA}: C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\{57B77092-0906-48E7-B331-8DD09B5FA6BA}
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/05 21:30:14 | 000,000,000 | ---D | M]

[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions
[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions\[email protected]
[2010/12/11 22:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions
[2008/04/03 08:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\staged-xpis
[2010/12/11 22:19:45 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\vshare@toolbar
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/07 11:55:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org

O1 HOSTS File: ([2011/01/05 21:26:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101031082050.dll (McAfee, Inc.)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1.6 Toolbar) - {3F5F5E47-34A5-408A-B646-D103852199F6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 08:32:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 21:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/01/04 22:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Talk
[2011/01/04 14:13:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/04 12:27:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/03 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\HiJackThis
[2010/12/31 15:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\backups
[2010/12/31 10:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/12/27 19:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dvdcss
[2010/12/26 11:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2010/12/26 11:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\MixVibes
[2010/12/26 11:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MixVibes
[2010/12/18 16:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\New Folder
[2010/12/11 22:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/12/11 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2010/12/10 12:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\My Received Files
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\BearShare
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\BearShare
[2010/12/10 12:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BearShare
[2010/12/10 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/12/10 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/12/10 11:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/12/10 11:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\PackageAware

========== Files - Modified Within 30 Days ==========

[2011/01/05 21:41:29 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009UA.job
[2011/01/05 21:32:13 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/05 21:30:33 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/05 21:30:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/05 21:26:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/01/05 21:22:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/04 15:32:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/04 14:37:18 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Shortcut to ComboFix.exe.lnk
[2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/04 12:19:37 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/04 04:41:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009Core.job
[2011/01/01 15:43:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/31 09:50:20 | 000,022,339 | ---- | M] () -- C:\WINDOWS\phoneh~5.CSV
[2010/12/31 09:47:37 | 000,022,188 | ---- | M] () -- C:\WINDOWS\phoneh~5.bak
[2010/12/29 17:50:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/26 12:57:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 20:33:42 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 16:42:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Microsoft Office Word 2007.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/15 03:29:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/12/14 12:43:22 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 12:43:21 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Google Chrome.lnk
[2010/12/10 12:11:23 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk

========== Files Created - No Company Name ==========

[2011/01/04 15:32:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/04 14:37:18 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Shortcut to ComboFix.exe.lnk
[2010/12/22 20:33:42 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/10 12:11:23 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2010/10/15 02:13:42 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/02 14:29:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 12:58:13 | 000,007,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/09 14:30:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/07/12 08:20:16 | 009,437,238 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ZBWallpaper.bmp
[2007/03/28 18:02:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/02/26 15:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/15 08:30:50 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb4418.dat
[2006/08/15 08:16:57 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb1942.dat
[2006/07/23 09:31:34 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2006/07/23 09:31:34 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2006/01/16 17:30:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/12/04 20:39:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/31 13:02:25 | 000,020,857 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/19 20:26:39 | 000,000,725 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/24 17:29:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/11/22 15:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/22 15:14:53 | 000,002,824 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/22 15:11:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2004/11/22 15:03:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/22 14:59:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/22 14:58:57 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/22 14:58:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/22 14:58:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/22 14:34:44 | 000,000,459 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 09:03:56 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/12 08:58:07 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2004/08/10 14:13:12 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/06 13:23:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/08/06 13:22:12 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/08/06 13:07:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/08/06 13:01:42 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2002/09/17 16:02:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/09/17 16:01:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/09/17 16:00:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/09/17 16:00:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/10/24 18:08:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[1980/01/01 01:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/12/10 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/08/28 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Business Management Systems
[2010/03/15 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CBL-Electronics
[2010/02/14 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/02/10 17:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2005/09/20 18:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2006/05/31 11:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/11/29 00:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\great coal love default
[2005/08/02 17:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/10 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/31 16:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/04/18 09:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2008/03/01 17:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/10/23 09:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/03 16:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/28 18:54:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{24202FD0-3651-4C5E-8793-E1C3251724EF}
[2010/10/07 06:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/17 20:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/10 12:13:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2007/01/13 12:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Aim
[2008/02/18 12:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ares Ultra
[2010/03/15 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CBL-Electronics
[2010/04/22 16:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/29 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CVS
[2010/02/10 16:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\DriverCure
[2010/06/30 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ElevatedDiagnostics
[2008/11/29 00:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\error kind find
[2010/04/13 16:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Facebook
[2007/06/02 12:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\GetRightToGo
[2011/01/03 21:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Image Zone Express
[2007/04/03 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\InterTrust
[2007/05/23 07:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Jasc
[2005/09/06 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Leadertech
[2010/12/26 11:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2009/10/01 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\mjusbsp
[2006/07/23 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MSNInstaller
[2010/02/05 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Musicmatch
[2010/02/11 19:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\PerfectTablePlan
[2010/07/02 22:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Printer Info Cache
[2008/03/01 17:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\TaxCut
[2010/12/18 22:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uTorrent
[2010/12/11 22:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/07/22 05:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ydxa
[2010/07/22 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Zail
[2010/06/16 11:17:01 | 000,001,134 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/24 15:44:04 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0

< End of report >

ComboFix 11-01-05.01 - joann 01/05/2011 22:07:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.702 [GMT -5:00]
Running from: c:\documents and settings\joann.HOMER33.000\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\joann.HOMER33.000\Recent\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2011-01-04 19:13 . 2011-01-04 19:13 -------- d-----w- C:\_OTL
2011-01-04 02:50 . 2011-01-04 02:50 -------- d-----w- c:\program files\Loaris
2010-12-31 21:22 . 2010-12-31 21:22 388096 ----a-r- c:\documents and settings\joann.HOMER33.000\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 21:22 . 2010-12-31 21:22 -------- d-----w- c:\program files\Trend Micro
2010-12-31 15:08 . 2010-12-31 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\pKlBa06300
2010-12-28 00:58 . 2010-12-28 01:02 -------- d-----w- c:\documents and settings\joann.HOMER33.000\Application Data\dvdcss
2010-12-26 16:33 . 2010-12-26 16:34 -------- d-----w- c:\documents and settings\joann.HOMER33.000\Application Data\MixVibes
2010-12-26 16:32 . 2010-12-26 16:32 -------- d-----w- c:\program files\MixVibes
2010-12-15 02:31 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 02:29 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-12 03:19 . 2010-12-12 03:21 -------- d-----w- c:\documents and settings\joann.HOMER33.000\Application Data\vShare
2010-12-12 03:19 . 2010-12-12 03:19 -------- d-----w- c:\program files\vShare
2010-12-10 17:12 . 2010-12-10 17:16 -------- d-----w- c:\documents and settings\joann.HOMER33.000\Local Settings\Application Data\BearShare
2010-12-10 17:10 . 2010-12-10 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BearShare
2010-12-10 17:10 . 2010-12-10 17:10 -------- d-----w- c:\program files\BearShare Applications
2010-12-10 16:56 . 2010-12-10 17:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
2010-12-10 16:53 . 2010-12-10 16:53 -------- d-----w- c:\documents and settings\joann.HOMER33.000\Local Settings\Application Data\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-07-01 16:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-07-01 16:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-12 13:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-12 14:01 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-12 14:09 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-14 02:28 . 2010-02-15 02:17 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-14 02:28 . 2010-02-15 02:17 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-14 02:28 . 2010-02-15 02:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-14 02:28 . 2010-02-15 02:17 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-14 02:28 . 2010-02-15 02:17 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-14 02:28 . 2010-02-15 02:17 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 02:28 . 2010-02-15 02:17 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-14 02:28 . 2010-02-15 02:17 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-14 02:28 . 2010-01-05 23:04 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-14 02:28 . 2010-01-05 23:04 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3f5f5e47-34a5-408a-b646-d103852199f6}"= "c:\program files\Oryte_Games_1.6\tbOry2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{3f5f5e47-34a5-408a-b646-d103852199f6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f5f5e47-34a5-408a-b646-d103852199f6}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Oryte_Games_1.6\tbOry2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3f5f5e47-34a5-408a-b646-d103852199f6}"= "c:\program files\Oryte_Games_1.6\tbOry2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{3f5f5e47-34a5-408a-b646-d103852199f6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3F5F5E47-34A5-408A-B646-D103852199F6}"= "c:\program files\Oryte_Games_1.6\tbOry2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{3f5f5e47-34a5-408a-b646-d103852199f6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-29 39408]
"Google Update"="c:\documents and settings\joann.HOMER33.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-10 136176]
"Verizon Media Manager"="c:\program files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2010-10-05 835584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-01 180269]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2002-09-17 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^joann.HOMER33.000^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\joann.HOMER33.000\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 14:23 61440 ----a-w- c:\dell\BLDBUBG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
2004-08-31 14:18 294912 ----a-w- c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
2004-07-27 14:08 262144 ----a-w- c:\program files\Dell Photo AIO Printer 942\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-23 22:19 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1265756796\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ----a-w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2009-03-12 16:31 2303216 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\joann.HOMER33.000\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1265756796\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [2/14/2010 9:17 PM 84072]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [2/14/2010 9:17 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [2/14/2010 9:17 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [2/14/2010 9:17 PM 88544]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [2/14/2010 9:17 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [2/14/2010 9:17 PM 84264]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0239991294259256MCINSTCLEANUP
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 18:11]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 18:11]

2011-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009Core.job
- c:\documents and settings\joann.HOMER33.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-10 00:31]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009UA.job
- c:\documents and settings\joann.HOMER33.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-10 00:31]

2010-06-16 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-02-11 22:41]

2010-12-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-12 00:12]

2010-07-24 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-07-21 20:41]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: bankofamerica.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-05 22:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-05 22:34:44
ComboFix-quarantined-files.txt 2011-01-06 03:34

Pre-Run: 16,701,796,352 bytes free
Post-Run: 16,660,746,240 bytes free

- - End Of File - - AC6AB58D6DDC1C96565F23698805A24B


#11
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????^(4)???????????????????????
    [2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????^(4)???????????????????????
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#12
patfan4lif

    Member

  • Topic Starter
  • Member
  • 78 posts
This is the OTL File and the ESET file you requested. For some reason when I try to open these files on my desktop, I keep getting a message "access denied". I have to open these files by right clicking and using the edit option. I never had to do that before we ran the first Hijackthis.

OTL logfile created on: 1/6/2011 3:28:55 PM - Run 4
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\joann.HOMER33.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 15.57 Gb Free Space | 21.95% Space Free | Partition Type: NTFS
Drive D: | 250.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRIAN | User Name: joann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/10/05 15:34:08 | 000,835,584 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
PRC - [2010/10/05 15:33:44 | 000,163,840 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Media Manager\Release\VZVideoAgent.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/06/01 06:47:49 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/09/17 17:31:26 | 000,053,248 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
MOD - [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/09/17 17:28:16 | 000,090,112 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\023999~1.EXE -- (0239991294259256mcinstcleanup) McAfee Application Installer Cleanup (0239991294259256)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/31 15:50:40 | 000,041,776 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\skeys.exe -- (SerialKeys)
SRV - [2007/03/20 07:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares Ultra\chatServer.exe -- (AresChatServer)
SRV - [2004/07/01 15:45:46 | 000,421,888 | ---- | M] (Dell) [Disabled | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WscNetDr.sys -- (WscNetDr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOANNH~1.000\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/09/07 11:27:20 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/09/29 00:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2004/08/12 09:07:42 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 09:06:53 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 09:06:53 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 09:06:53 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 09:06:52 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 09:06:16 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 09:03:54 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 09:03:53 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 09:03:53 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 09:00:09 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 08:56:47 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 08:56:06 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 08:55:49 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 08:55:49 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 08:55:47 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 13:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/05/20 00:58:54 | 000,379,456 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 09:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 13:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AE 97 2E 82 41 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF2
FF - HKLM\software\mozilla\Firefox\Extensions\\{57B77092-0906-48E7-B331-8DD09B5FA6BA}: C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\{57B77092-0906-48E7-B331-8DD09B5FA6BA}
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/05 21:30:14 | 000,000,000 | ---D | M]

[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions
[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions\[email protected]
[2010/12/11 22:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions
[2008/04/03 08:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\staged-xpis
[2010/12/11 22:19:45 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\vshare@toolbar
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/07 11:55:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org

O1 HOSTS File: ([2011/01/05 22:27:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101031082050.dll (McAfee, Inc.)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1.6 Toolbar) - {3F5F5E47-34A5-408A-B646-D103852199F6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 08:32:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 15:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/01/06 15:23:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/05 22:02:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/05 22:02:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/05 22:02:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/05 22:02:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/05 22:02:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/04 22:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Talk
[2011/01/04 14:13:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/04 12:27:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/03 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\HiJackThis
[2010/12/31 15:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\backups
[2010/12/31 10:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/12/27 19:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dvdcss
[2010/12/26 11:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2010/12/26 11:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\MixVibes
[2010/12/26 11:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MixVibes
[2010/12/18 16:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\New Folder
[2010/12/11 22:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/12/11 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2010/12/10 12:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\My Received Files
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\BearShare
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\BearShare
[2010/12/10 12:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BearShare
[2010/12/10 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/12/10 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/12/10 11:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/12/10 11:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\PackageAware

========== Files - Modified Within 30 Days ==========

[2011/01/06 15:41:07 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009UA.job
[2011/01/06 15:24:49 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/06 15:24:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/06 15:24:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/06 15:22:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/05 22:27:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/01/04 15:32:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/04 12:19:37 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/04 04:41:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009Core.job
[2011/01/01 15:43:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/31 09:50:20 | 000,022,339 | ---- | M] () -- C:\WINDOWS\phoneh~5.CSV
[2010/12/31 09:47:37 | 000,022,188 | ---- | M] () -- C:\WINDOWS\phoneh~5.bak
[2010/12/29 17:50:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/26 12:57:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 20:33:42 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 16:42:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Microsoft Office Word 2007.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/15 03:29:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/12/14 12:43:22 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 12:43:21 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Google Chrome.lnk
[2010/12/10 12:11:23 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk

========== Files Created - No Company Name ==========

[2011/01/05 22:02:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/05 22:02:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/05 22:02:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/05 22:02:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/05 22:02:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/04 15:32:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 20:33:42 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/10 12:11:23 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2010/10/15 02:13:42 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/02 14:29:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 12:58:13 | 000,007,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/09 14:30:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/07/12 08:20:16 | 009,437,238 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ZBWallpaper.bmp
[2007/03/28 18:02:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/02/26 15:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/15 08:30:50 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb4418.dat
[2006/08/15 08:16:57 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb1942.dat
[2006/07/23 09:31:34 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2006/07/23 09:31:34 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2006/01/16 17:30:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/12/04 20:39:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/31 13:02:25 | 000,020,857 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/19 20:26:39 | 000,000,725 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/24 17:29:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/11/22 15:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/22 15:14:53 | 000,002,824 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/22 15:11:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2004/11/22 15:03:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/22 14:59:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/22 14:58:57 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/22 14:58:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/22 14:58:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/22 14:34:44 | 000,000,459 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 09:03:56 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/12 08:58:07 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2004/08/10 14:13:12 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/06 13:23:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/08/06 13:22:12 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/08/06 13:07:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/08/06 13:01:42 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2002/09/17 16:02:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/09/17 16:01:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/09/17 16:00:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/09/17 16:00:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/10/24 18:08:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[1980/01/01 01:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/12/10 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/08/28 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Business Management Systems
[2010/03/15 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CBL-Electronics
[2010/02/14 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/02/10 17:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2005/09/20 18:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2006/05/31 11:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/11/29 00:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\great coal love default
[2005/08/02 17:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/10 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/31 16:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/04/18 09:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2008/03/01 17:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/10/23 09:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/03 16:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/28 18:54:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{24202FD0-3651-4C5E-8793-E1C3251724EF}
[2010/10/07 06:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/17 20:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/10 12:13:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2007/01/13 12:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Aim
[2008/02/18 12:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ares Ultra
[2010/03/15 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CBL-Electronics
[2010/04/22 16:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/29 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CVS
[2010/02/10 16:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\DriverCure
[2010/06/30 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ElevatedDiagnostics
[2008/11/29 00:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\error kind find
[2010/04/13 16:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Facebook
[2007/06/02 12:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\GetRightToGo
[2011/01/03 21:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Image Zone Express
[2007/04/03 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\InterTrust
[2007/05/23 07:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Jasc
[2005/09/06 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Leadertech
[2010/12/26 11:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2009/10/01 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\mjusbsp
[2006/07/23 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MSNInstaller
[2010/02/05 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Musicmatch
[2010/02/11 19:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\PerfectTablePlan
[2010/07/02 22:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Printer Info Cache
[2008/03/01 17:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\TaxCut
[2010/12/18 22:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uTorrent
[2010/12/11 22:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/07/22 05:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ydxa
[2010/07/22 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Zail
[2010/06/16 11:17:01 | 000,001,134 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/24 15:44:04 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0

< End of report >

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=fb0d04a1bd741c4e8efec7ad664761ed
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-06 11:39:06
# local_time=2011-01-06 06:39:06 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 433988 433988 0 0
# compatibility_mode=5121 16777173 100 75 932683 23501450 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=337350
# found=4
# cleaned=4
# scan_time=9823
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Data\default\us_sres.data Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP123\A0052522.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0054796.data Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0013826.exe probably a variant of Win32/Inject.FSDPHUZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#13
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Do you get this error when opening any file on your desktop, or does it appear for certain files?

now

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????^(4)???????????????????????
    [2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????^(4)???????????????????????
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#14
patfan4lif

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Here is the OTL file you requested. It seems the only files I have trouble opening are the text files from Notepad on my desktop.

OTL logfile created on: 1/7/2011 3:58:11 PM - Run 5
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\joann.HOMER33.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 15.47 Gb Free Space | 21.80% Space Free | Partition Type: NTFS
Drive D: | 250.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRIAN | User Name: joann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/10/05 15:34:08 | 000,835,584 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
PRC - [2010/10/05 15:33:44 | 000,163,840 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Media Manager\Release\VZVideoAgent.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/06/01 06:47:49 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/09/17 17:31:26 | 000,053,248 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
MOD - [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/09/17 17:28:16 | 000,090,112 | ---- | M] (Fellowes, Inc.) -- C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\023999~1.EXE -- (0239991294259256mcinstcleanup) McAfee Application Installer Cleanup (0239991294259256)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/31 15:50:40 | 000,041,776 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\skeys.exe -- (SerialKeys)
SRV - [2007/03/20 07:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares Ultra\chatServer.exe -- (AresChatServer)
SRV - [2004/07/01 15:45:46 | 000,421,888 | ---- | M] (Dell) [Disabled | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2003/08/28 13:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WscNetDr.sys -- (WscNetDr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOANNH~1.000\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/09/07 11:27:20 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/09/29 00:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2004/08/12 09:07:42 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 09:06:53 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 09:06:53 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 09:06:53 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 09:06:52 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 09:06:16 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 09:03:54 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 09:03:53 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 09:03:53 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 09:00:09 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 08:56:47 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 08:56:06 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 08:55:49 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 08:55:49 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 08:55:47 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 13:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/05/20 00:58:54 | 000,379,456 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 09:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 09:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 13:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AE 97 2E 82 41 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF2
FF - HKLM\software\mozilla\Firefox\Extensions\\{57B77092-0906-48E7-B331-8DD09B5FA6BA}: C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\{57B77092-0906-48E7-B331-8DD09B5FA6BA}
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/05 21:30:14 | 000,000,000 | ---D | M]

[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions
[2009/07/14 23:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Extensions\[email protected]
[2010/12/11 22:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions
[2008/04/03 08:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\staged-xpis
[2010/12/11 22:19:45 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Mozilla\Firefox\Profiles\sfaf1yba.default\extensions\vshare@toolbar
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/07 11:55:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/04/07 11:55:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org

O1 HOSTS File: ([2011/01/05 22:27:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101031082050.dll (McAfee, Inc.)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Oryte Games 1.6 Toolbar) - {3f5f5e47-34a5-408a-b646-d103852199f6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1.6 Toolbar) - {3F5F5E47-34A5-408A-B646-D103852199F6} - C:\Program Files\Oryte_Games_1.6\tbOry2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 08:32:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 15:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/01/06 15:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/06 15:23:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/05 22:02:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/05 22:02:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/05 22:02:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/05 22:02:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/05 22:02:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/04 22:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Talk
[2011/01/04 14:13:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/04 12:27:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/03 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/31 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\HiJackThis
[2010/12/31 15:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\backups
[2010/12/31 10:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/12/27 19:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\dvdcss
[2010/12/26 11:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2010/12/26 11:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Start Menu\Programs\MixVibes
[2010/12/26 11:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MixVibes
[2010/12/18 16:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Desktop\New Folder
[2010/12/11 22:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/12/11 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2010/12/10 12:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\My Received Files
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\My Documents\BearShare
[2010/12/10 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\BearShare
[2010/12/10 12:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BearShare
[2010/12/10 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/12/10 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/12/10 11:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/12/10 11:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\PackageAware

========== Files - Modified Within 30 Days ==========

[2011/01/07 15:55:08 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/07 15:54:28 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/07 15:54:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/07 15:41:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009UA.job
[2011/01/07 15:22:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/07 04:41:06 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2774985004-2729123369-274862516-1009Core.job
[2011/01/05 22:27:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/01/04 15:32:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/04 12:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann.HOMER33.000\Desktop\OTL.exe
[2011/01/04 12:19:37 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/01 15:43:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/31 09:50:20 | 000,022,339 | ---- | M] () -- C:\WINDOWS\phoneh~5.CSV
[2010/12/31 09:47:37 | 000,022,188 | ---- | M] () -- C:\WINDOWS\phoneh~5.bak
[2010/12/29 17:50:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/26 12:57:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 20:33:42 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 16:42:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Microsoft Office Word 2007.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/15 03:29:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/12/14 12:43:22 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 12:43:21 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\Google Chrome.lnk
[2010/12/10 12:11:23 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk

========== Files Created - No Company Name ==========

[2011/01/05 22:02:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/05 22:02:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/05 22:02:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/05 22:02:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/05 22:02:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/04 15:32:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 20:33:42 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Desktop\My Network Places.lnk
[2010/12/16 19:49:28 | 000,011,376 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\My Documents\kacies science paper.docx
[2010/12/10 12:11:23 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2010/10/15 02:13:42 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/02 14:29:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 12:58:13 | 000,007,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/09 14:30:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/07/12 08:20:16 | 009,437,238 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ZBWallpaper.bmp
[2007/03/28 18:02:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/02/26 15:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/15 08:30:50 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb4418.dat
[2006/08/15 08:16:57 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\joann.HOMER33.000\Application Data\internaldb1942.dat
[2006/07/23 09:31:34 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2006/07/23 09:31:34 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2006/01/16 17:30:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/12/04 20:39:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/31 13:02:25 | 000,020,857 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/19 20:26:39 | 000,000,725 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/24 17:29:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/11/22 15:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/22 15:14:53 | 000,002,824 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/22 15:11:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2004/11/22 15:03:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/22 14:59:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/22 14:58:57 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/22 14:58:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/22 14:58:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/22 14:34:44 | 000,000,459 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/12 09:03:56 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/12 08:58:07 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2004/08/10 14:13:12 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/06 13:23:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/08/06 13:22:12 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/08/06 13:07:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/08/06 13:01:42 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2002/09/17 16:02:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/09/17 16:01:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/09/17 16:00:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/09/17 16:00:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/10/24 18:08:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[1980/01/01 01:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/12/10 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/08/28 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Business Management Systems
[2010/03/15 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CBL-Electronics
[2010/02/14 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/02/10 17:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2005/09/20 18:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2006/05/31 11:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/11/29 00:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\great coal love default
[2005/08/02 17:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/10 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/31 16:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pKlBa06300
[2010/04/18 09:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2008/03/01 17:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/10/23 09:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/03 16:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/28 18:54:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{24202FD0-3651-4C5E-8793-E1C3251724EF}
[2010/10/07 06:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/17 20:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/10 12:13:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2007/01/13 12:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Aim
[2008/02/18 12:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ares Ultra
[2010/03/15 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CBL-Electronics
[2010/04/22 16:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/29 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\CVS
[2010/02/10 16:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\DriverCure
[2010/06/30 20:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\ElevatedDiagnostics
[2008/11/29 00:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\error kind find
[2010/04/13 16:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Facebook
[2007/06/02 12:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\GetRightToGo
[2011/01/03 21:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Image Zone Express
[2007/04/03 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\InterTrust
[2007/05/23 07:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Jasc
[2005/09/06 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Leadertech
[2010/12/26 11:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MixVibes
[2009/10/01 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\mjusbsp
[2006/07/23 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\MSNInstaller
[2010/02/05 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Musicmatch
[2010/02/11 19:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\PerfectTablePlan
[2010/07/02 22:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Printer Info Cache
[2008/03/01 17:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\TaxCut
[2010/12/18 22:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\uTorrent
[2010/12/11 22:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\vShare
[2010/07/22 05:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Ydxa
[2010/07/22 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann.HOMER33.000\Application Data\Zail
[2010/06/16 11:17:01 | 000,001,134 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/12/15 01:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/24 15:44:04 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0

< End of report >

#15
ali.B


    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

Sorry for the delay; I haven't received notification of your reply on my email.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/06/27 18:46:59 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????^(4)???????????????????????
    [2009/06/27 18:46:59 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????^(4)???????????????????????
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update Malwarebytes' Anti-Malware and run a Quick Scan.
Post the log it produces.


Things I would like to see in your reply:
  • OTL log
  • MBAM log
