Geeks to Go
Windows XP Recovery Virus - removed but still have problems!


  • This topic is locked

#1 redleader74 (Member, 192 posts)
I ran Malwarebytes and thought I had removed it, but there are still many remaining problems, like IE and Firefox redirects, IE running in the background, etc. Here's my OTL log:

OTL.Txt:

OTL logfile created on: 5/27/2011 9:40:46 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kwong\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 199.32 Mb Available Physical Memory | 19.50% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.84 Gb Total Space | 108.71 Gb Free Space | 74.54% Space Free | Partition Type: NTFS

Computer Name: KWONGSCOMPUTER | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 16:49:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
PRC - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/25 02:00:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/08/24 13:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/20 16:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/05/04 09:20:56 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/20 14:32:32 | 001,312,256 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/03/09 13:44:12 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/11/26 12:35:00 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/10/13 12:47:36 | 000,253,952 | ---- | M] (Magic Control Technology Corporation) -- C:\WINDOWS\system32\trutil5001.exe
PRC - [2008/07/08 17:51:16 | 000,315,392 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\mctudll.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/08/04 02:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/02/08 19:39:34 | 000,036,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
PRC - [2006/10/19 10:31:02 | 000,102,400 | ---- | M] (SHARP CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/09/15 21:15:35 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/04/25 06:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 06:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/22 21:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 16:49:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/20 16:48:19 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/25 03:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2005/04/25 06:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/30 14:28:52 | 000,062,080 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trgusb.sys -- (trgusb)
DRV - [2008/09/30 13:50:56 | 000,020,224 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrgMrGrp.sys -- (TrgMrGrp)
DRV - [2008/09/30 13:50:20 | 000,019,712 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrgExGrp.sys -- (TrgExGrp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/24 12:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 07:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 09:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 09:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 09:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 09:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/15 21:15:38 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/31 17:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/30 03:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 13:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2002/11/08 17:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://www.gobrs.com...ls=uniHWMzG&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.gobrs.com...ls=uniHWMzG&q="

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/10/08 09:20:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/10 14:04:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/20 09:19:11 | 000,000,000 | ---D | M]

[2009/10/28 09:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Extensions
[2010/10/15 10:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions
[2010/01/20 15:33:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 09:46:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/24 13:11:27 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\searchplugins\google-search.xml
[2009/10/28 09:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/04 09:20:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/24 13:11:27 | 000,002,197 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

O1 HOSTS File: ([2008/04/04 14:11:43 | 000,231,164 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 .supercocklol.com
O1 - Hosts: 127.0.0.1 www..webloyalty.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 8104 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IN0XRCV] C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mctudll] C:\WINDOWS\system32\mctudll.exe (TODO: <Company name>)
O4 - HKLM..\Run: [mmtask] File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe (McAfee, Inc.)
O4 - HKLM..\Run: [trutil5001] C:\WINDOWS\system32\trutil5001.exe (Magic Control Technology Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent(2).lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kwong\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: safeco.com ([safesite] https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([agenthq] https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm3.webex...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://tcupload.appl...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} http://www.networkso...rueSwitchEC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\flowto {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll ()
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40be80cc-551b-11dd-9ff1-00123f7233d6}\Shell - "" = AutoRun
O33 - MountPoints2\{40be80cc-551b-11dd-9ff1-00123f7233d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40be80cc-551b-11dd-9ff1-00123f7233d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\AutoRun\command - "" = F:\1rfw8hjr.com
O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\explore\Command - "" = F:\1rfw8hjr.com
O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\open\Command - "" = F:\1rfw8hjr.com
O33 - MountPoints2\{a5d5f2e8-403b-11e0-a313-00123f7233d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a5d5f2e8-403b-11e0-a313-00123f7233d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5d5f2e8-403b-11e0-a313-00123f7233d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{eb30dbee-09d4-11df-a205-00123f7233d6}\Shell - "" = AutoRun
O33 - MountPoints2\{eb30dbee-09d4-11df-a205-00123f7233d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb30dbee-09d4-11df-a205-00123f7233d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 18:29:11 | 007,734,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kwong\Desktop\mel-wear-bites.exe
[2011/05/26 18:29:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
[2011/05/26 17:49:48 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/26 17:47:43 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/26 17:47:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/05/26 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/26 17:36:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kwong\Recent
[2011/05/26 16:48:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/26 16:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Application Data\Malwarebytes
[2011/05/26 16:28:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/26 16:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/18 14:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Desktop\330 8th Street, 5C
[2011/05/10 09:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\My Documents\My Meetings
[2011/05/10 09:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Tracing
[2011/05/10 09:50:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Meeting 2007
[2011/05/10 09:50:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/05/02 10:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Desktop\Yamaha Piano Tuning
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/27 09:38:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/27 09:26:01 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/27 09:26:00 | 000,000,880 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/27 09:24:58 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/27 09:24:54 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 09:23:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 19:42:41 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\Kwong\Desktop\Fixing Inbox location.URL
[2011/05/26 18:43:15 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Kwong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 18:09:23 | 000,001,356 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to SCANPST.EXE.lnk
[2011/05/26 17:50:21 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/05/26 17:49:47 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/26 17:47:48 | 000,000,804 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/26 17:46:20 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/26 17:05:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/26 16:49:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
[2011/05/26 16:48:34 | 000,485,376 | ---- | M] () -- C:\Documents and Settings\Kwong\Desktop\RogueKiller.exe
[2011/05/26 16:00:01 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21552932r
[2011/05/26 16:00:01 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21552932
[2011/05/26 15:34:31 | 000,032,038 | -H-- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/05/26 15:31:26 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21552932
[2011/05/25 15:01:58 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/18 14:58:42 | 007,734,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kwong\Desktop\mel-wear-bites.exe
[2011/05/10 13:20:18 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel (2)(2).lnk
[2011/05/04 13:13:53 | 000,368,327 | ---- | M] () -- C:\Documents and Settings\Kwong\Desktop\Knob-and-tubes.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/26 19:42:41 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Kwong\Desktop\Fixing Inbox location.URL
[2011/05/26 18:29:12 | 000,485,376 | ---- | C] () -- C:\Documents and Settings\Kwong\Desktop\RogueKiller.exe
[2011/05/26 18:09:23 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to SCANPST.EXE.lnk
[2011/05/26 17:50:21 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/05/26 17:47:48 | 000,000,804 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/26 17:46:20 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/26 16:50:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/26 15:32:38 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21552932r
[2011/05/26 15:32:37 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21552932
[2011/05/26 15:31:26 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\21552932
[2011/05/04 13:20:14 | 000,368,327 | ---- | C] () -- C:\Documents and Settings\Kwong\Desktop\Knob-and-tubes.jpg
[2011/01/18 18:34:05 | 000,035,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/06 18:11:19 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\Transware.ini
[2009/12/31 11:24:21 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/12/31 11:24:20 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/10/08 09:40:41 | 000,057,139 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\NMM-MetaData.db
[2009/09/15 13:53:59 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Kwong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 13:29:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/09/04 14:53:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Kwong.ini
[2009/06/20 16:48:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2009/04/29 12:06:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\UDLL.dll
[2009/04/29 12:06:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mctudll.dll
[2008/10/04 10:19:08 | 000,000,162 | ---- | C] () -- C:\WINDOWS\msffile.ini
[2008/09/26 16:50:59 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/08/19 15:43:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ccard100.ini
[2008/06/13 13:57:54 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2008/05/17 10:35:00 | 000,001,056 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/17 10:35:00 | 000,000,103 | ---- | C] () -- C:\WINDOWS\odbcisam.ini
[2008/05/17 10:34:59 | 000,000,920 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/17 10:34:51 | 000,001,017 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2008/05/17 10:34:46 | 000,001,897 | ---- | C] () -- C:\WINDOWS\ARTGALRY.INI
[2008/05/17 10:34:39 | 000,000,124 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2008/05/17 10:34:37 | 000,002,124 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2008/05/17 10:34:36 | 000,001,607 | ---- | C] () -- C:\WINDOWS\EXCEL5.INI
[2008/05/17 10:34:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Winhelp.ini
[2008/05/17 10:34:20 | 000,000,535 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[2008/05/17 10:34:15 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[2008/05/17 10:34:07 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[2008/03/26 12:50:06 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/25 16:30:21 | 000,196,696 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2008/02/25 16:30:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2008/02/25 16:30:21 | 000,000,142 | -H-- | C] () -- C:\WINDOWS\System32\Uin0xMsg.dat
[2008/02/25 16:30:20 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\uin0x.dll
[2008/02/25 16:30:10 | 000,000,395 | -H-- | C] () -- C:\WINDOWS\System32\SCN2PM.DAT
[2007/11/26 12:00:32 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/11/26 12:00:32 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/11/26 11:47:31 | 000,001,175 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/11/26 11:47:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/11/26 11:47:31 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/11/26 11:47:31 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2007/11/26 11:47:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/11/26 11:47:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/11/26 11:46:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/11/26 11:46:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/23 16:40:56 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2007/05/17 09:53:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/05/17 09:53:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/03/19 09:01:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/13 18:28:00 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\System32\IN0ELMON.dat
[2006/11/13 18:21:52 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\System32\IN0FLMON.dat
[2006/06/12 09:35:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/30 14:58:58 | 000,000,524 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/03/16 18:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/02/01 18:47:34 | 000,000,054 | ---- | C] () -- C:\WINDOWS\FSC.INI
[2005/12/31 11:42:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/12/31 11:42:02 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/12/31 11:41:16 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2005/11/09 15:40:30 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/12 11:21:54 | 000,000,667 | ---- | C] () -- C:\WINDOWS\LIFW.INI
[2005/10/12 11:21:54 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TOM.INI
[2005/09/29 09:15:32 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 09:15:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5DA682811.sys
[2005/09/15 21:22:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/15 21:17:19 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/15 21:14:58 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/15 20:52:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/09/15 20:52:40 | 000,081,342 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/09/15 20:52:18 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,806 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,165,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:30 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 15:00:28 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 15:00:28 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:28 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 15:00:27 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:00:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 15:00:24 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 15:00:19 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 15:00:19 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 15:00:12 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 15:00:04 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/11/21 18:03:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/09/30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2011/05/10 09:50:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/04 15:13:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Cozi
[2008/05/09 13:27:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/10/08 09:18:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/08 09:25:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/06 17:03:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/07/21 13:42:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2010/01/07 11:14:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Transamerica
[2009/07/23 14:43:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/10 14:11:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/08 22:35:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/15 09:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\DVDVideoSoftIEHelpers
[2010/03/04 10:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\HotSync
[2009/08/12 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Leadertech
[2009/10/16 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Nokia
[2009/09/06 16:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Oce
[2009/10/08 09:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\PC Suite
[2010/01/29 17:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\pdf995
[2009/07/24 13:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\ThumbsPlus
[2009/09/18 10:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\webex
[2011/05/27 09:24:58 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2008/02/15 02:05:53 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 02:00:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



< End of report >


Extras.Txt:
OTL Extras logfile created on: 5/27/2011 9:40:46 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kwong\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 199.32 Mb Available Physical Memory | 19.50% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.84 Gb Total Space | 108.71 Gb Free Space | 74.54% Space Free | Partition Type: NTFS

Computer Name: KWONGSCOMPUTER | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XNJR.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XNJR.exe:*:Enabled:PC-Fax Notify Job Results -- (SHARP CORPORATION)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{245B4BB9-D643-4A87-968D-6C856FF1706A}" = VChannelClient
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{685DEA21-3622-455A-A41B-89557A168DFD}" = Ad-Aware
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83E56086-8859-4C08-8D2E-CDF1E8C1B1E4}" = WinFSC First American California Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95DDF95D-F845-46B7-B939-F9652ECEBCF2}" = Residential Component Technology - Standalone
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CEAB5E-23FE-4D62-96D7-AE2744367FD7}" = Cozi
"{C6EAD092-4544-4984-8620-F32F4BCA5180}" = Transamerica Life Products Illustration System TransWare Prerequisite V 2.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC41F9D1-75D7-48AE-B53E-38129B7E8F38}" = Transamerica Life Products Illustration System - TransWare
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DC1B32F7-D001-4C1F-BBA1-87B31BEEC0BC}" = SEE2 Xpress / TRI-UV50 8.1.5.1013.1146
"{DF930075-1C01-45CA-B023-993BF4118096}" = Microsoft Office Live Meeting 2005
"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{C6EAD092-4544-4984-8620-F32F4BCA5180}" = Transamerica Life Products Illustration System TransWare Prerequisite V 2.0
"InstallShield_{CC41F9D1-75D7-48AE-B53E-38129B7E8F38}" = Transamerica Life Products Illustration System - TransWare
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"NetExchangePro 3.0" = NetExchangePro 3.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Oce cm2510 4010 Series PC-Fax Driver" = Oce cm2510/4010 Series PC-Fax Driver
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"Real Estate Transaction Viewer" = Real Estate Transaction Viewer
"RealPlayer 6.0" = RealPlayer Basic
"Recuva" = Recuva
"ReNamer_is1" = ReNamer
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"Signature995" = Signature995
"SyncBack_is1" = SyncBack
"ThumbsPlus7" = ThumbsPlus version 7 SP2
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2011 1:07:20 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.2627.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2011 1:08:13 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.2627.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2011 1:08:15 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.2627.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2011 1:08:51 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.2627.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2011 1:09:32 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.2627.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2011 1:19:32 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.2627.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2011 1:26:36 PM | Computer Name = KWONGSCOMPUTER | Source = Microsoft Office 10 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Outlook.

Error - 4/14/2011 1:28:38 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.2627.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2011 3:39:16 PM | Computer Name = KWONGSCOMPUTER | Source = Microsoft Office 10 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Outlook.

Error - 5/5/2011 5:29:29 PM | Computer Name = KWONGSCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 5.2.1.1588, faulting
module msvcr80.dll, version 8.0.50727.4053, fault address 0x00008aa0.

[ System Events ]
Error - 5/26/2011 7:00:35 PM | Computer Name = KWONGSCOMPUTER | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 5/26/2011 7:03:37 PM | Computer Name = KWONGSCOMPUTER | Source = iastor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 5/26/2011 7:48:35 PM | Computer Name = KWONGSCOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mfehidk

Error - 5/26/2011 7:48:44 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/26/2011 7:48:56 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/26/2011 7:49:54 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/26/2011 7:49:57 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/26/2011 7:50:33 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 5/26/2011 7:50:34 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 5/26/2011 8:10:48 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's see if we can resolve this.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..keyword.URL: "http://www.gobrs.com...ls=uniHWMzG&q="
    FF - user.js..browser.search.selectedEngine: "Search"
    FF - user.js..keyword.URL: "http://www.gobrs.com...ls=uniHWMzG&q="
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\AutoRun\command - "" = F:\1rfw8hjr.com
    O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\explore\Command - "" = F:\1rfw8hjr.com
    O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\open\Command - "" = F:\1rfw8hjr.com
    [2011/05/26 16:00:01 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21552932r
    [2011/05/26 16:00:01 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21552932
    [2011/05/26 15:31:26 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21552932

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.
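The lines the fix above removes (the Firefox keyword.URL override, the O33 MountPoints2 autorun commands, the hidden numeric files under All Users\Application Data) and the Security Center and firewall sections of the Extras.txt in the first post are the parts of an OTL log a helper reads first. Below is an added example, written by the editor and not part of either post or of OTL itself, that picks those indicator classes out of OTL text so the same triage can be repeated on another log. The sample text is constructed from lines quoted in this thread; the search-host allowlist, the rogue file-name pattern (a long number, optionally prefixed with ~ and suffixed with r) and the finding labels are the example's own assumptions, not anything OTL defines.

```python
"""Triage helper for the OTL log lines quoted in this thread.

Added example by the editor; it is not part of the original posts and not a
feature of OTL.  It re-reads the kinds of lines the fix targets (the Firefox
keyword.URL override, the O33 MountPoints2 autorun commands, the hidden numeric
files under All Users\\Application Data) together with the Security Center and
firewall sections of Extras.txt, and reports which ones match the indicator
classes below.  The search-host allowlist, the rogue file-name pattern and the
finding labels are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts a keyword.URL override may legitimately point at.
SEARCH_HOST_ALLOWLIST = {"www.google.com", "www.bing.com", "search.yahoo.com"}

FF_KEYWORD = re.compile(r'^FF - (?:prefs|user)\.js\.\.keyword\.URL: "([^"]+)"')
O33 = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(\w+)\\[Cc]ommand - "" = (.+)$')
DRIVE_ROOT_EXE = re.compile(r'^[A-Z]:\\[^\\]+\.(?:com|exe|scr|pif)$', re.I)
# OTL file entry: [date time | size | attrs | C/M] (company) -- path
FILE_LINE = re.compile(r'^\[[^|]+\|\s*[\d,]+\s*\|\s*(\S{4})\s*\|\s*[CM]\]\s*\(([^)]*)\)\s*--\s*(.+)$')
# Assumption: the rogue's data files are a long number, optionally with ~ before and r after.
ROGUE_NAME = re.compile(r'^~?\d{6,}r?$')
OPEN_PORT = re.compile(r'^"(\d+:(?:TCP|UDP))" = \d+:(?:TCP|UDP):([^:]+):Enabled')


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line in OTL / OTL Extras output."""
    findings: list[Finding] = []
    current_key = ""  # most recent [HKEY_...] header, for context-sensitive values
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FF_KEYWORD.match(line):
            url = m.group(1)
            if urlparse(url).netloc.lower() not in SEARCH_HOST_ALLOWLIST:
                findings.append(Finding("ff_keyword_hijack", url))
        elif m := O33.match(line):
            guid, verb, cmd = m.groups()
            # AutoRun/open/explore verbs launching a file from a drive root is
            # the autorun.inf hook a removable-media worm leaves behind.
            if DRIVE_ROOT_EXE.match(cmd):
                findings.append(Finding("mountpoints_autorun", f"{guid} {verb} -> {cmd}"))
        elif m := FILE_LINE.match(line):
            attrs, company, path = m.groups()
            name = path.rsplit("\\", 1)[-1]
            hidden = "H" in attrs
            if hidden and not company and "Application Data" in path and ROGUE_NAME.match(name):
                findings.append(Finding("hidden_numeric_datafile", path))
        elif line.startswith("[HKEY_"):
            current_key = line.strip("[]")
        elif line == '"AntiVirusDisableNotify" = 1':
            findings.append(Finding("av_notify_off", current_key))
        elif line == '"DisableMonitoring" = 1' and "\\Monitoring\\" in current_key:
            # A third-party suite sets this under its own vendor key; it only
            # matters if that suite is not actually running any more.
            findings.append(Finding("security_center_monitoring_off",
                                    current_key.rsplit("\\", 1)[-1]))
        elif m := OPEN_PORT.match(line):
            port, scope = m.groups()
            if scope == "*":  # open to any remote address, not just LocalSubNet
                profile = re.search(r"FirewallPolicy\\(\w+)", current_key)
                findings.append(Finding("firewall_port_any_scope",
                                        f"{profile.group(1) if profile else '?'} {port}"))
    return findings


def counts(findings: list[Finding]) -> dict[str, int]:
    """Tally findings by kind."""
    tally: dict[str, int] = {}
    for f in findings:
        tally[f.kind] = tally.get(f.kind, 0) + 1
    return tally


# Constructed sample: lines copied from the OTL and Extras logs in this thread.
SAMPLE_LOG = r"""
FF - prefs.js..keyword.URL: "http://www.gobrs.com...ls=uniHWMzG&q="
O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\AutoRun\command - "" = F:\1rfw8hjr.com
O33 - MountPoints2\{673cf3a2-a16c-11de-a192-00123f7233d6}\Shell\open\Command - "" = F:\1rfw8hjr.com
[2011/05/26 16:00:01 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21552932r
[2011/05/26 15:31:26 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21552932
[2011/05/26 16:49:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.detail}")
```

The Security Center finding is deliberately low priority: a third-party suite such as McAfee sets DisableMonitoring under its own vendor key when it takes over monitoring, so it only matters when that suite is no longer running. Likewise a 139:TCP exception scoped to * only says the port is reachable from any address on that profile; it is worth a look rather than proof of anything. The two indicators that do point at infection here are the keyword.URL override to an unknown host and the MountPoints2 commands launching a .com file from the root of a removable drive.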

#3 redleader74 (Topic Starter, Member, 192 posts)
OK, thanks. Ran both OTL again and MBR. Here are the logs:

OTL:

OTL logfile created on: 5/27/2011 12:01:32 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kwong\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 316.50 Mb Available Physical Memory | 30.97% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.84 Gb Total Space | 110.11 Gb Free Space | 75.50% Space Free | Partition Type: NTFS
Drive H: | 14.92 Gb Total Space | 10.60 Gb Free Space | 71.07% Space Free | Partition Type: FAT32

Computer Name: KWONGSCOMPUTER | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 16:49:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
PRC - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/25 02:00:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/08/24 13:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/20 16:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/03/20 14:32:32 | 001,312,256 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/03/09 13:44:12 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/11/26 12:35:00 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/10/13 12:47:36 | 000,253,952 | ---- | M] (Magic Control Technology Corporation) -- C:\WINDOWS\system32\trutil5001.exe
PRC - [2008/07/08 17:51:16 | 000,315,392 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\mctudll.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/08/04 02:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/02/08 19:39:34 | 000,036,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
PRC - [2006/10/19 10:31:02 | 000,102,400 | ---- | M] (SHARP CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/09/15 21:15:35 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/04/25 06:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 06:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/22 21:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 16:49:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/20 16:48:19 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/25 03:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2005/04/25 06:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/30 14:28:52 | 000,062,080 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trgusb.sys -- (trgusb)
DRV - [2008/09/30 13:50:56 | 000,020,224 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrgMrGrp.sys -- (TrgMrGrp)
DRV - [2008/09/30 13:50:20 | 000,019,712 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrgExGrp.sys -- (TrgExGrp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/24 12:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 07:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 09:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 09:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 09:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 09:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/15 21:15:38 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/31 17:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/30 03:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 13:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2002/11/08 17:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/10/08 09:20:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/10 14:04:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/20 09:19:11 | 000,000,000 | ---D | M]

[2009/10/28 09:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Extensions
[2010/10/15 10:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions
[2010/01/20 15:33:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 09:46:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/24 13:11:27 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\searchplugins\google-search.xml
[2009/10/28 09:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/04 09:20:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/24 13:11:27 | 000,002,197 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

O1 HOSTS File: ([2011/05/27 11:44:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IN0XRCV] C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mctudll] C:\WINDOWS\system32\mctudll.exe (TODO: <Company name>)
O4 - HKLM..\Run: [mmtask] File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe (McAfee, Inc.)
O4 - HKLM..\Run: [trutil5001] C:\WINDOWS\system32\trutil5001.exe (Magic Control Technology Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent(2).lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kwong\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: safeco.com ([safesite] https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([agenthq] https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm3.webex...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://tcupload.appl...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} http://www.networkso...rueSwitchEC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\flowto {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll ()
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40be80cc-551b-11dd-9ff1-00123f7233d6}\Shell - "" = AutoRun
O33 - MountPoints2\{40be80cc-551b-11dd-9ff1-00123f7233d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40be80cc-551b-11dd-9ff1-00123f7233d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a5d5f2e8-403b-11e0-a313-00123f7233d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a5d5f2e8-403b-11e0-a313-00123f7233d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5d5f2e8-403b-11e0-a313-00123f7233d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{eb30dbee-09d4-11df-a205-00123f7233d6}\Shell - "" = AutoRun
O33 - MountPoints2\{eb30dbee-09d4-11df-a205-00123f7233d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb30dbee-09d4-11df-a205-00123f7233d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 11:43:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/26 18:29:11 | 007,734,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kwong\Desktop\mel-wear-bites.exe
[2011/05/26 18:29:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
[2011/05/26 17:49:48 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/26 17:47:43 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/26 17:47:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/05/26 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/26 17:36:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kwong\Recent
[2011/05/26 16:48:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/26 16:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Application Data\Malwarebytes
[2011/05/26 16:28:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/26 16:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/18 14:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Desktop\330 8th Street, 5C
[2011/05/10 09:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\My Documents\My Meetings
[2011/05/10 09:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Tracing
[2011/05/10 09:50:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Meeting 2007
[2011/05/10 09:50:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/05/02 10:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Desktop\Yamaha Piano Tuning

========== Files - Modified Within 30 Days ==========

[2011/05/27 11:59:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/27 11:57:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/27 11:57:29 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 11:57:15 | 000,000,880 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/27 11:56:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/27 11:44:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/27 11:26:00 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 19:42:41 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\Kwong\Desktop\Fixing Inbox location.URL
[2011/05/26 18:43:15 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Kwong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 18:09:23 | 000,001,356 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to SCANPST.EXE.lnk
[2011/05/26 17:50:21 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/05/26 17:49:47 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/26 17:47:48 | 000,000,804 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/26 17:46:20 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/26 17:05:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/26 16:49:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
[2011/05/26 16:48:34 | 000,485,376 | ---- | M] () -- C:\Documents and Settings\Kwong\Desktop\RogueKiller.exe
[2011/05/26 15:34:31 | 000,032,038 | -H-- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/05/25 15:01:58 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/18 14:58:42 | 007,734,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kwong\Desktop\mel-wear-bites.exe
[2011/05/10 13:20:18 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel (2)(2).lnk
[2011/05/04 13:13:53 | 000,368,327 | ---- | M] () -- C:\Documents and Settings\Kwong\Desktop\Knob-and-tubes.jpg

========== Files Created - No Company Name ==========

[2011/05/26 19:42:41 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Kwong\Desktop\Fixing Inbox location.URL
[2011/05/26 18:29:12 | 000,485,376 | ---- | C] () -- C:\Documents and Settings\Kwong\Desktop\RogueKiller.exe
[2011/05/26 18:09:23 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to SCANPST.EXE.lnk
[2011/05/26 17:50:21 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/05/26 17:47:48 | 000,000,804 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/26 17:46:20 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/26 16:50:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/04 13:20:14 | 000,368,327 | ---- | C] () -- C:\Documents and Settings\Kwong\Desktop\Knob-and-tubes.jpg
[2011/01/18 18:34:05 | 000,035,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/06 18:11:19 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\Transware.ini
[2009/12/31 11:24:21 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/12/31 11:24:20 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/10/08 09:40:41 | 000,057,139 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\NMM-MetaData.db
[2009/09/15 13:53:59 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Kwong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 13:29:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/09/04 14:53:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Kwong.ini
[2009/06/20 16:48:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2009/04/29 12:06:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\UDLL.dll
[2009/04/29 12:06:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mctudll.dll
[2008/10/04 10:19:08 | 000,000,162 | ---- | C] () -- C:\WINDOWS\msffile.ini
[2008/09/26 16:50:59 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/08/19 15:43:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ccard100.ini
[2008/06/13 13:57:54 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2008/05/17 10:35:00 | 000,001,056 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/17 10:35:00 | 000,000,103 | ---- | C] () -- C:\WINDOWS\odbcisam.ini
[2008/05/17 10:34:59 | 000,000,920 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/17 10:34:51 | 000,001,017 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2008/05/17 10:34:46 | 000,001,897 | ---- | C] () -- C:\WINDOWS\ARTGALRY.INI
[2008/05/17 10:34:39 | 000,000,124 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2008/05/17 10:34:37 | 000,002,124 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2008/05/17 10:34:36 | 000,001,607 | ---- | C] () -- C:\WINDOWS\EXCEL5.INI
[2008/05/17 10:34:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Winhelp.ini
[2008/05/17 10:34:20 | 000,000,535 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[2008/05/17 10:34:15 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[2008/05/17 10:34:07 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[2008/03/26 12:50:06 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/25 16:30:21 | 000,196,696 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2008/02/25 16:30:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2008/02/25 16:30:21 | 000,000,142 | -H-- | C] () -- C:\WINDOWS\System32\Uin0xMsg.dat
[2008/02/25 16:30:20 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\uin0x.dll
[2008/02/25 16:30:10 | 000,000,395 | -H-- | C] () -- C:\WINDOWS\System32\SCN2PM.DAT
[2007/11/26 12:00:32 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/11/26 12:00:32 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/11/26 11:47:31 | 000,001,175 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/11/26 11:47:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/11/26 11:47:31 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/11/26 11:47:31 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2007/11/26 11:47:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/11/26 11:47:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/11/26 11:46:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/11/26 11:46:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/23 16:40:56 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2007/05/17 09:53:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/05/17 09:53:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/03/19 09:01:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/13 18:28:00 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\System32\IN0ELMON.dat
[2006/11/13 18:21:52 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\System32\IN0FLMON.dat
[2006/06/12 09:35:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/30 14:58:58 | 000,000,524 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/03/16 18:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/02/01 18:47:34 | 000,000,054 | ---- | C] () -- C:\WINDOWS\FSC.INI
[2005/12/31 11:42:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/12/31 11:42:02 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/12/31 11:41:16 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2005/11/09 15:40:30 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/12 11:21:54 | 000,000,667 | ---- | C] () -- C:\WINDOWS\LIFW.INI
[2005/10/12 11:21:54 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TOM.INI
[2005/09/29 09:15:32 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 09:15:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5DA682811.sys
[2005/09/15 21:22:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/15 21:17:19 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/15 21:14:58 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/15 20:52:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/09/15 20:52:40 | 000,081,342 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/09/15 20:52:18 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,806 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,165,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:30 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 15:00:28 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 15:00:28 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:28 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 15:00:27 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:00:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 15:00:24 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 15:00:19 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 15:00:19 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 15:00:12 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 15:00:04 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/11/21 18:03:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/09/30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2011/05/10 09:50:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/04 15:13:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Cozi
[2008/05/09 13:27:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/10/08 09:18:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/08 09:25:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/06 17:03:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/07/21 13:42:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2010/01/07 11:14:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Transamerica
[2009/07/23 14:43:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/10 14:11:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/08 22:35:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/15 09:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\DVDVideoSoftIEHelpers
[2010/03/04 10:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\HotSync
[2009/08/12 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Leadertech
[2009/10/16 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Nokia
[2009/09/06 16:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Oce
[2009/10/08 09:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\PC Suite
[2010/01/29 17:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\pdf995
[2009/07/24 13:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\ThumbsPlus
[2009/09/18 10:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\webex
[2011/05/27 11:57:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2008/02/15 02:05:53 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 02:00:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



< End of report >


MBR:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-27 12:08:12
-----------------------------
12:08:12.046 OS Version: Windows 5.1.2600 Service Pack 3
12:08:12.046 Number of processors: 2 586 0x403
12:08:12.046 ComputerName: KWONGSCOMPUTER UserName: Kwong
12:08:13.796 Initialize success
12:08:44.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:08:44.015 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
12:08:44.031 Disk 0 MBR read successfully
12:08:44.031 Disk 0 MBR scan
12:08:44.031 Disk 0 unknown MBR code
12:08:44.046 Disk 0 scanning sectors +312496380
12:08:44.078 Disk 0 scanning C:\WINDOWS\system32\drivers
12:08:49.453 Service scanning
12:08:51.953 Disk 0 trace - called modules:
12:08:51.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866101ed]<<
12:08:51.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f93ab8]
12:08:51.984 3 CLASSPNP.SYS[f7512fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f88030]
12:08:51.984 \Driver\iastor[0x86f46a08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x866101ed
12:08:52.000 Scan finished successfully
12:11:43.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kwong\Desktop\MBR.dat"
12:11:43.484 The log file has been saved successfully to "C:\Documents and Settings\Kwong\Desktop\aswMBR.txt"
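The OTL file listing above is a fixed-width text format: a timestamp, a size with thousands separators, four attribute flags (R, H, S, D), whether the line is sorted by creation or modification date, an optional company name in parentheses, and the path. As an added example (not part of the original post, and not OTL's own code), here is a Python parser for those lines that turns them into records and pulls out the hidden+system files under System32 so they can be reviewed. The sample lines are copied from the log above; the regex, field names and the `hidden_system_files` filter are my own reading of the format. Many legitimate products (licensing and driver helpers in particular) set Hidden+System on their files, so the output is a review queue for the analyst, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file/folder line, e.g.
#   [2005/09/29 09:15:32 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
# LOP Check lines omit the "()" company field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample: lines copied verbatim from the OTL log in this thread,
# plus one section header that the parser must ignore.
SAMPLE_LINES = r"""
[2005/09/29 09:15:32 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 09:15:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5DA682811.sys
[2005/09/15 20:52:40 | 000,081,342 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
========== LOP Check ==========
[2011/05/10 09:50:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int          # bytes, thousands separators removed
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str          # "C" = listed by creation date, "M" = by modification date
    company: str       # empty when OTL printed "()" or omitted the field
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; return None for headers, blanks and anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or "",
        path=m.group("path"),
    )


def parse_log(text: str) -> List[OtlEntry]:
    """Parse every recognisable file/folder line in an OTL report."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def hidden_system_files(entries: List[OtlEntry], under: str = r"C:\WINDOWS\System32") -> List[OtlEntry]:
    """Files (not folders) under `under` carrying both Hidden and System attributes.

    Hidden+System on a loose file in System32 is worth a second look, but is also
    how several legitimate products store licensing data, so review, do not delete.
    """
    prefix = under.lower()
    return [
        e for e in entries
        if not e.directory and e.hidden and e.system and e.path.lower().startswith(prefix)
    ]


if __name__ == "__main__":
    for entry in hidden_system_files(parse_log(SAMPLE_LINES)):
        flags = "".join(f if on else "-" for f, on in
                        (("R", entry.readonly), ("H", entry.hidden), ("S", entry.system), ("D", entry.directory)))
        print(f"{entry.timestamp:%Y-%m-%d} {flags} {entry.size:>8}  {entry.path}")
```

To use it on a real report, read the saved OTL.Txt into a string and pass it to `parse_log`; the attribute booleans and the timestamp make it straightforward to add further filters, for instance files created within the "File Age" window printed in the report header.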

#4
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hmm, something a tad iffy there.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#5
redleader74 (Topic Starter, Member, 192 posts)
Ok, some problems here. I downloaded the TDSSKiller Zip file and extracted the contents, but when I double-click on the .exe, nothing happens: nothing launches, and no messages at all.

#6
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, methinks my suspicions were correct. We will need to install the Recovery Console next, as I may need to use it, so I will use ComboFix to do that for me.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
redleader74 (Topic Starter, Member, 192 posts)
Ok, here's the log from Combofix:

ComboFix 11-05-27.01 - Kwong 05/27/2011 14:04:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.457 [GMT -7:00]
Running from: c:\documents and settings\Kwong\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kwong\g2mdlhlpx.exe
c:\documents and settings\Peter Chang\g2mdlhlpx.exe
c:\documents and settings\Peter Chang\My Documents\DPE.DUS
c:\documents and settings\Peter Chang\WINDOWS
c:\windows\winhelp.ini
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 18:43 . 2011-05-27 18:43 -------- d-----w- C:\_OTL
2011-05-27 00:49 . 2011-05-27 00:49 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-27 00:47 . 2011-05-25 09:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-27 00:47 . 2011-05-27 00:47 -------- d-----w- c:\program files\Lavasoft
2011-05-27 00:36 . 2011-05-27 00:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-26 23:28 . 2011-05-26 23:28 -------- d-----w- c:\documents and settings\Kwong\Application Data\Malwarebytes
2011-05-26 23:28 . 2011-05-26 23:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-26 23:27 . 2011-05-27 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-10 16:52 . 2011-05-10 17:05 -------- d-----w- c:\documents and settings\Kwong\Tracing
2011-05-10 16:51 . 2011-02-05 20:25 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-05-10 16:51 . 2011-02-05 20:25 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2011-05-10 16:50 . 2011-05-10 16:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Applications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-11 22:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 22:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"DellSupport"="c:\progra~1\DELLSU~1\DSAgnt.exe" [2006-08-29 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"IN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\IN0XRCV.exe" [2006-10-19 102400]
"trutil5001"="c:\windows\system32\trutil5001.exe" [2008-10-13 253952]
"mctudll"="c:\windows\system32\mctudll.exe" [2008-07-09 315392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"SiteAdvisor"="c:\program files\SiteAdvisor\6028\SiteAdv.exe" [2007-02-09 36904]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-16 26112]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-30 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\documents and settings\Peter Chang\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\msoffice\MSOFFICE.EXE [N/A]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-3-8 2301952]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office(2).lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent(2).lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\IN0XNJR.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/26/2011 5:47 PM 64512]
R3 TrgExGrp;TrgExGrp;c:\windows\system32\drivers\TrgExGrp.sys [4/29/2009 12:06 PM 19712]
R3 TrgMrGrp;TrgMrGrp;c:\windows\system32\drivers\TrgMrGrp.sys [4/29/2009 12:06 PM 20224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 12:01 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/25/2011 2:00 AM 2151128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 12:01 PM 135664]
S3 trgusb;USB 2.0 Graphics Card;c:\windows\system32\drivers\trgusb.sys [4/29/2009 12:06 PM 62080]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 09:00]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 19:01]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 19:01]
.
2008-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-24 20:32]
.
2009-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-24 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Kwong\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
Trusted Zone: safeco.com\safesite
Trusted Zone: travelers.com
Trusted Zone: travelers.com\agenthq
Trusted Zone: travelerspc.com
Trusted Zone: yahoo.com\www
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 10.1.10.1
Handler: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - c:\progra~1\NETEXC~1.0\FlowHook.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
FF - ProfilePath - c:\documents and settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 14:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-27 14:10:56
ComboFix-quarantined-files.txt 2011-05-27 21:10
.
Pre-Run: 118,083,842,048 bytes free
Post-Run: 119,271,890,944 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A15040B3AC1FDE4D113CBBB35529E2DE

#8
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, that was good, ComboFix did the hard work for me :)

Could you now update Malwarebytes and run a quick scan please, posting the resultant log. Then let me know what problems you are still experiencing.

#9
redleader74 (Topic Starter, Member, 192 posts)
Uh oh, same prob I had yesterday...

I tried reinstalling Malwarebytes and halfway through the installation I get an "Access is denied" pop-up with an "OK" button. I click on "OK" and I get another error: "Setup was not completed. Please correct the problem and run Setup again."

I should mention that before consulting geekstogo yesterday, I had installed and run Malwarebytes, which supposedly removed some of the virus. But then after I got everything running again, Malwarebytes seemed to have disappeared (the folder in the C: drive is there, but the .exe is gone). When I tried to reinstall it (both yesterday and just now) into the same directory (assuming it just overwrites the previous install), I get the above error.

#10
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you uninstall Malwarebytes please and then download a fresh copy?

If it still fails, then uninstall it with Revo Uninstaller (free) and try again.

#11
redleader74 (Topic Starter, Member, 192 posts)
Hmmmm, I can't seem to uninstall it because:

1. It is not showing up on the list of software in Revo Uninstaller.
2. In the Malwarebytes folder there is also no uninstall executable.

#12
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
If this should fail, then re-run OTL and I will remove it manually.

Download and run the Malwarebytes removal tool.

#13
redleader74 (Topic Starter, Member, 192 posts)
Ok, I finally got Malwarebytes removed and reinstalled using the Malwarebytes removal tool you posted. I ran it again and here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6746

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/1/2011 10:45:58 AM
mbam-log-2011-06-01 (10-45-58).txt

Scan type: Quick scan
Objects scanned: 188655
Time elapsed: 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
How is the computer behaving?

#15
redleader74 (Topic Starter, Member, 192 posts)
So far so good, no surprises. The only annoying thing is that the virus made all (or nearly all) of my files "hidden", which screws up things like desktop icons, tool bars, etc., and I'm having to manually go in and change the "hidden" setting.
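The last reply describes clearing the Hidden attribute file by file after the fake-AV infection set it on most of the profile. The following is an added example, not code from the thread or from any of the tools used in it, that automates that cleanup on Windows with a conservative policy: it clears Hidden only on items that are not also marked System (Windows flags its own protected files Hidden+System), and it leaves the profile's registry hive (NTUSER.DAT and its .LOG) and the names in `KEEP_HIDDEN` alone; that list, the `--apply` flag and the default profile path are assumptions for the example. The decision logic is separated from the Win32 calls so it can be tested on any platform; by default the script only reports what it would change.

```python
import ctypes
import ntpath
import os
import sys
from typing import Iterable, List, Tuple

# Win32 file attribute bits (values from winnt.h).
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_DIRECTORY = 0x10
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF

# Files that are hidden on purpose inside a Windows XP profile and must stay hidden.
# Assumed list for this example, not something taken from the thread.
KEEP_HIDDEN = {"desktop.ini", "thumbs.db", "ntuser.ini", "ntuser.pol"}


def should_unhide(name: str, attrs: int) -> bool:
    """Return True if the Hidden bit on this item should be cleared.

    Policy: clear Hidden only where System is not also set. Windows marks its own
    protected files Hidden+System, so those are left for manual review, as are the
    registry hive files (NTUSER.DAT and its .LOG) and the names in KEEP_HIDDEN.
    """
    if not attrs & FILE_ATTRIBUTE_HIDDEN:
        return False
    if attrs & FILE_ATTRIBUTE_SYSTEM:
        return False
    lower = name.lower()
    if lower in KEEP_HIDDEN or lower.startswith("ntuser.dat"):
        return False
    return True


def plan_unhide(listing: Iterable[Tuple[str, int]]) -> List[str]:
    """Apply the policy to (path, attributes) pairs and return the paths to change.

    Pure function, so the decision logic can be exercised without Windows.
    ntpath.basename is used so backslash paths split correctly on any platform.
    """
    return [path for path, attrs in listing if should_unhide(ntpath.basename(path), attrs)]


def unhide_tree(root: str, dry_run: bool = True) -> List[str]:
    """Walk root on Windows and clear the Hidden bit where should_unhide() agrees.

    With dry_run=True nothing is modified; the returned list is what would change.
    """
    if not sys.platform.startswith("win"):
        raise RuntimeError("unhide_tree uses Win32 APIs and only runs on Windows")
    k32 = ctypes.windll.kernel32
    k32.GetFileAttributesW.argtypes = [ctypes.c_wchar_p]
    k32.GetFileAttributesW.restype = ctypes.c_uint32
    k32.SetFileAttributesW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32]
    k32.SetFileAttributesW.restype = ctypes.c_int

    changed: List[str] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            attrs = k32.GetFileAttributesW(full)
            if attrs == INVALID_FILE_ATTRIBUTES:
                continue  # unreadable or already gone; skip rather than guess
            if not should_unhide(name, attrs):
                continue
            if not dry_run:
                new_attrs = (attrs & ~FILE_ATTRIBUTE_HIDDEN) & 0xFFFFFFFF
                if not k32.SetFileAttributesW(full, new_attrs):
                    continue  # API reported failure; do not record it as changed
            changed.append(full)
    return changed


if __name__ == "__main__":
    # Assumed CLI: "python unhide.py <folder> [--apply]"; without --apply it only reports.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Documents and Settings\Kwong"
    for changed_path in unhide_tree(target, dry_run="--apply" not in sys.argv):
        print(changed_path)
```

Run it once without `--apply` and read the list; anything unexpected in it (a file you never created, a folder you did not know existed) is a reason to stop and ask in the thread rather than to proceed, since a hidden item can just as easily be a leftover of the infection as a casualty of it.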