Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP Many Problems HijackDesktop,Display etc, Win32 Palevo HELP PLEASE

Started by everythingsm , Jun 02 2011 11:20 AM

  • This topic is locked This topic is locked

#1
everythingsm
Posted 02 June 2011 - 11:20 AM

everythingsm

    Member

  • Member
  • PipPipPip
  • 171 posts
I recvd a Java File and the problems started. My Mcaffee quarratiened 2ea Trojans(211DB.545 Generic Dropper.vagent & 4131E3.SYS Generic Dropper.vagent .. maybe off with some of the info).

Then I started running My MalwareBytes and with Quickscan it found the below log. I then deleted the bad files and reboot as instructed by Malwarebytes.

5/30/2011 3:06:43 PM
mbam-log-2011-05-30 (15-06-43).txt

Scan type: Quick scan
Objects scanned: 166011
Time elapsed: 20 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\documents and settings\all users\application data\ggepskfpxtp.exe (Trojan.FakeMS) -> 4164 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ggePSKfpxtP (Trojan.FakeMS) -> Value: ggePSKfpxtP -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ggepskfpxtp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

When my computer came back up No Desk Top, No Taskbar, NO Explorer, could not System Restore, can't update Windows files. I then ran programs (Malwarebytes = found nothing, SPybot = Win32Palevo, SuperAntiSypyare=0... ran these in Safe Mode & regular MODE). When my problem persist I tried a XP REPAIR(I've done this before and it fixed my problems. This time at XP REPAIR it hangs at the black Microsoft Screen with hour glass.. and does not complete the REPAIR. I do HARD REBOOT(turn computer on and off) and still have same problems. I went to folder options and checked SHOW HIDDEN FILES so I can see my files now that had dissappeared by data still on drive.

If possible as everyone says I would like to avoid a reformat if possible. I'm not great with computers but as you can see knowlegdeable enough to get myself in a very bad jam. Thanks in advance for any help. In desperate straits right now.




OTL Log
OTL logfile created on: 6/2/2011 10:07:44 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 78.05% Memory free
4.83 Gb Paging File | 4.00 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 12.35 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

Computer Name: SCOTT-213F49CC3 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/05 11:50:44 | 001,159,888 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/04/05 11:50:44 | 000,822,560 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/10/07 21:34:28 | 000,364,216 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/10/12 21:24:50 | 002,000,112 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | -H-- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 14:01:38 | 000,188,136 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | -H-- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/16 02:10:14 | 000,267,568 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/07 21:34:28 | 000,364,216 | -H-- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/30 16:56:22 | 001,352,832 | -H-- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/04/01 10:17:27 | 000,016,680 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 00:27:52 | 000,073,728 | -H-- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/12/13 04:34:32 | 000,049,152 | -H-- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | -H-- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/05 14:11:21 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/18 12:58:52 | 000,011,336 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/04 17:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/10/12 21:24:56 | 000,007,408 | RH-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 000,009,968 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 000,074,480 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 10:22:14 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/09/02 18:08:28 | 004,812,288 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{D561EA51-BE8C-4F11-B90E-18400C50D311}: C:\Documents and Settings\Scott\Local Settings\Application Data\{D561EA51-BE8C-4F11-B90E-18400C50D311} [2011/04/03 12:44:26 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 16:07:58 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2009/06/25 20:09:28 | 000,000,727 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110516154635.dll (McAfee, Inc.)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -521
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([help] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1306968218859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238625505953 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Key error. (Java Plug-in 1.6.0_25)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...570/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 10:05:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 10:07:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/06/02 07:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/02 07:59:06 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/02 07:59:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/02 07:59:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/02 07:59:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/02 07:57:59 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Scott\Desktop\jre-6u25-windows-i586-iftw.exe
[2011/06/02 07:47:41 | 000,607,294 | R--- | C] (Swearware) -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/06/02 07:35:49 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup-1[1].51.0.1200.exe
[2011/06/02 07:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/31 17:30:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/05/31 17:30:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2011/05/31 16:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\InstallShield
[2011/05/31 14:42:55 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Scott\Desktop\IE8-WindowsXP-x86-ENU.exe
[2011/05/31 08:14:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/31 07:19:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/05/31 07:19:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/05/31 07:19:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/05/31 07:19:17 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/05/31 07:19:16 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/05/31 07:19:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/05/31 07:19:16 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/05/31 07:19:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/05/31 07:19:15 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/05/31 07:19:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/05/31 07:19:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/05/31 07:19:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/05/31 07:19:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/05/31 07:19:14 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/05/31 07:19:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/05/31 07:19:14 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/05/31 07:19:13 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/05/31 07:19:13 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/05/31 07:19:11 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/05/31 07:19:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/05/31 07:19:10 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/05/31 07:19:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/05/31 07:19:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/05/31 07:19:08 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/05/31 07:19:08 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/05/31 07:19:08 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/05/31 07:19:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/05/31 07:19:08 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/05/31 07:19:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/05/31 07:19:07 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/05/31 07:19:07 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/05/31 07:19:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/05/31 07:19:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/05/31 07:19:04 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/05/31 07:19:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/05/31 07:19:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/05/31 07:19:02 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/05/31 07:19:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/05/31 07:19:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/05/31 07:19:01 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/05/31 07:19:01 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/05/31 07:19:01 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/05/31 07:19:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/05/31 07:19:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/05/31 07:19:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/05/31 07:19:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/05/31 07:19:00 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/05/31 07:19:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/05/31 07:19:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2011/05/31 07:18:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/05/31 07:18:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/05/31 07:18:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/05/31 07:18:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/05/31 07:18:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/05/31 07:18:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/05/31 07:18:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/05/31 07:18:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/05/31 07:18:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/05/31 07:18:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/05/31 07:18:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/05/31 07:18:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/05/31 07:18:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/05/31 07:18:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/05/31 07:18:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/05/31 07:18:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/05/31 07:18:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/05/31 07:18:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/05/31 07:18:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/05/31 07:18:53 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2011/05/31 07:18:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/05/31 07:18:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/31 07:18:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/31 07:18:52 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/05/31 07:18:52 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/05/31 07:18:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2011/05/31 07:18:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/05/31 07:18:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2011/05/31 07:18:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/05/31 07:18:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/05/31 07:18:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/05/31 07:18:48 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/05/31 07:18:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/05/31 07:18:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/05/31 07:18:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2011/05/31 07:18:45 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/05/31 07:18:45 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/05/31 07:18:45 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/05/31 07:18:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/05/31 07:18:45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/05/31 07:18:45 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/05/31 07:18:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/05/31 07:18:44 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/05/31 07:18:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/05/31 07:18:43 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/05/31 07:18:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/05/31 07:18:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/05/31 07:18:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/05/31 07:18:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/05/31 07:18:40 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/05/31 07:18:39 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/05/31 07:18:39 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2011/05/31 07:18:37 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/05/31 07:18:36 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2011/05/31 07:18:32 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/05/31 07:18:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/05/31 07:18:26 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/05/31 07:18:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/05/31 07:18:25 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/05/31 07:18:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2011/05/31 07:18:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2011/05/31 07:18:25 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/05/31 07:18:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/05/31 07:18:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/05/31 07:18:23 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/05/31 07:18:23 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/05/31 07:18:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2011/05/31 07:18:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/05/31 07:18:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/05/31 07:18:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/05/31 07:18:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/05/31 07:18:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/05/31 07:18:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/05/31 07:18:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/05/31 07:18:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/05/31 07:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/05/31 07:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/05/31 07:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/05/31 07:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/05/31 07:18:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/05/31 07:18:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/05/31 07:18:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/05/31 07:18:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/05/31 07:18:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/05/31 07:18:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/05/31 07:18:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/05/31 07:18:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/05/31 07:18:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/05/31 07:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/05/31 07:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/05/31 07:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/05/31 07:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/05/31 07:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/05/31 07:18:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/05/31 07:18:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/05/31 07:18:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/05/31 07:18:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/05/31 07:18:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/05/31 07:18:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/05/31 07:18:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/05/31 07:18:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/05/31 07:18:16 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/05/31 07:18:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/05/31 07:18:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/05/31 07:18:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/05/31 07:18:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/05/31 07:18:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/05/31 07:18:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/05/31 07:18:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/05/31 07:18:15 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2011/05/31 07:18:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/05/31 07:18:14 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011/05/31 07:18:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2011/05/31 07:18:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/05/31 07:18:13 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/05/31 07:18:13 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/05/31 07:18:13 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/05/31 07:18:13 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/05/31 07:18:13 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/05/31 07:18:13 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/05/31 07:18:13 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/05/31 07:18:12 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/05/31 07:18:12 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/05/31 07:18:12 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/05/31 07:18:12 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/05/31 07:18:12 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/05/31 07:18:12 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/05/31 07:18:12 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/05/31 07:18:12 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/05/31 07:18:11 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/05/31 07:18:11 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/05/31 07:18:11 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/05/31 07:18:11 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/05/31 07:18:11 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/05/31 07:18:11 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/05/31 07:18:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/05/31 07:18:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/05/31 07:18:10 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2011/05/31 07:18:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2011/05/31 07:18:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/05/31 07:18:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2011/05/31 07:18:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/05/31 07:18:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2011/05/31 07:18:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/05/31 07:18:10 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/05/31 07:18:07 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/05/31 07:18:04 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/05/31 07:18:04 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/05/31 07:18:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2011/05/31 07:18:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/05/31 07:18:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2011/05/31 07:18:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/05/31 07:18:03 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2011/05/31 07:18:02 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/05/31 07:18:02 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/05/31 07:18:01 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/05/31 07:18:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/05/31 07:18:01 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/05/31 07:18:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/05/31 07:18:01 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/05/31 07:18:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/05/31 07:18:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/05/31 07:18:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/05/31 07:18:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/05/31 07:18:00 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/05/31 07:18:00 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/05/31 07:18:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/05/31 07:18:00 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/05/31 07:18:00 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/05/31 07:18:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/05/31 07:18:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/05/31 07:18:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/05/31 07:18:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/05/31 07:18:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/05/31 07:17:59 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/05/31 07:17:59 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2011/05/31 07:17:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/05/31 07:17:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2011/05/31 07:17:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/05/31 07:17:58 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/05/31 07:17:58 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/05/31 07:17:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/05/31 07:17:57 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/05/31 07:17:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/05/31 07:17:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/05/31 07:17:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2011/05/31 07:17:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/05/31 07:17:56 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/05/31 07:17:56 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/05/31 07:17:56 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/05/31 07:17:56 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/05/31 07:17:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/05/31 07:17:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/05/31 07:17:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2011/05/31 07:17:47 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/05/31 07:17:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/05/31 07:17:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/05/31 07:17:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/05/31 07:17:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/05/31 07:17:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2011/05/31 07:17:45 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/05/31 07:17:45 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/05/31 07:17:45 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/05/31 07:17:44 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/05/31 07:17:44 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/05/31 07:17:44 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/05/31 07:17:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/05/31 07:17:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/05/31 07:17:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/05/31 07:17:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/05/31 07:17:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/31 07:17:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/05/31 07:17:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/05/31 07:17:42 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/05/31 07:17:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/05/31 07:17:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/05/31 07:17:35 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/05/31 07:17:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/05/31 07:17:33 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/05/31 07:17:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/05/31 07:17:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/05/31 07:17:32 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/05/31 07:17:32 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/05/31 07:17:32 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/05/31 07:17:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/05/31 07:17:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/05/31 07:17:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/05/31 07:17:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/05/31 07:17:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/05/31 07:17:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/05/31 07:17:30 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/05/31 07:17:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/05/31 07:17:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/05/31 07:17:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/05/31 07:17:26 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/05/31 07:17:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/05/31 07:17:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/05/31 07:17:25 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2011/05/31 07:17:25 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2011/05/31 07:17:25 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/05/31 07:17:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/05/31 07:17:24 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/05/31 07:17:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/05/31 07:17:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/05/31 07:17:20 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/05/31 07:17:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/05/31 07:17:19 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/05/31 07:17:19 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/05/31 07:17:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/05/31 07:17:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/05/31 07:17:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/05/31 07:17:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/05/31 07:17:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/05/31 07:17:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/05/31 07:17:18 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/05/31 07:17:18 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/05/31 07:17:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/05/31 07:17:18 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/05/31 07:17:18 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/05/31 07:17:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/05/31 07:17:17 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/05/31 07:17:17 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/05/31 07:17:17 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/05/31 07:17:17 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/05/31 07:17:17 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/05/31 07:17:17 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/05/31 07:17:17 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/05/31 07:17:17 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/05/31 07:17:17 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/05/31 07:17:16 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/05/31 07:17:16 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/05/31 07:17:16 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/05/31 07:17:15 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/05/31 07:17:15 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/05/31 07:17:15 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/05/31 07:17:15 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/05/31 07:17:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/05/31 07:17:14 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/05/31 07:17:14 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/05/31 07:17:14 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/05/31 07:17:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/05/31 07:17:13 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/05/31 07:17:12 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/05/31 07:03:52 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/05/31 07:03:52 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/05/31 07:03:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/05/31 07:03:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/05/31 05:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/05/31 02:19:40 | 000,000,000 | ---D | C] -- C:\ads
[2011/05/30 19:20:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/05/30 15:05:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Scott\Recent
[2011/05/30 10:06:56 | 000,000,000 | -H-D | C] -- C:\RECOVERY
[2011/05/18 14:55:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Scott\Start Menu\Programs\HiJackThis
[2011/05/18 14:55:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Trend Micro
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/06/02 09:15:43 | 000,002,515 | -H-- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Word 2007.lnk
[2011/06/02 07:58:02 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Scott\Desktop\jre-6u25-windows-i586-iftw.exe
[2011/06/02 07:47:44 | 000,607,294 | R--- | M] (Swearware) -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/06/02 07:38:05 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\uioh329i.exe
[2011/06/02 07:35:59 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup-1[1].51.0.1200.exe
[2011/06/02 07:16:33 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/02 07:13:55 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/02 07:13:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 20:09:15 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/06/01 16:56:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/31 18:37:10 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2011/05/31 17:32:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/31 14:42:55 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Scott\Desktop\IE8-WindowsXP-x86-ENU.exe
[2011/05/31 10:44:04 | 000,009,272 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\hijackthis053111
[2011/05/31 08:56:34 | 000,000,833 | -H-- | M] () -- C:\Documents and Settings\Scott\Desktop\Internet Explorer (No Add-ons) (2).lnk
[2011/05/31 08:13:36 | 000,156,360 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/31 07:20:50 | 002,015,808 | -H-- | M] () -- C:\WINDOWS\iis6.BAK
[2011/05/31 07:20:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/31 07:16:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/31 07:16:55 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/31 07:16:55 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/31 07:16:42 | 000,004,161 | -H-- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/31 07:14:29 | 000,023,376 | -H-- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/30 20:27:48 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/30 20:02:06 | 000,336,111 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/05/30 19:44:18 | 000,005,120 | -H-- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/27 14:52:37 | 000,016,386 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/27 14:52:37 | 000,016,386 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/25 09:20:40 | 019,071,424 | -H-- | M] () -- C:\Documents and Settings\Scott\Desktop\WatchmanCryBroadcast_162.mp3
[2011/05/17 08:58:45 | 000,082,109 | -H-- | M] () -- C:\Documents and Settings\Scott\Desktop\Coupons_FullServiceOilCharg.pdf
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 07:38:04 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\uioh329i.exe
[2011/05/31 10:44:04 | 000,009,272 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\hijackthis053111
[2011/05/31 08:56:34 | 000,000,833 | -H-- | C] () -- C:\Documents and Settings\Scott\Desktop\Internet Explorer (No Add-ons) (2).lnk
[2011/05/31 07:18:44 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/31 07:18:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/31 07:18:13 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/31 07:18:12 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/31 07:18:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/31 07:18:06 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/31 07:18:03 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/31 07:17:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/05/31 07:17:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/31 07:03:41 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/05/31 07:03:41 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/05/31 07:03:41 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/05/31 07:03:41 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/31 07:03:41 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/31 07:03:41 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/31 07:03:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/31 07:03:41 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/31 07:03:40 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/31 07:03:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/05/31 07:03:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/31 07:03:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/31 07:03:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/31 07:03:40 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/31 07:03:40 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/31 07:03:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/31 07:03:40 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/31 07:03:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/30 20:27:48 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/30 19:59:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Scott\Start Menu\Programs\Windows Media Player.lnk
[2011/05/30 19:20:36 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/27 14:35:24 | 000,016,386 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/27 14:35:24 | 000,016,386 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/25 09:21:10 | 019,071,424 | -H-- | C] () -- C:\Documents and Settings\Scott\Desktop\WatchmanCryBroadcast_162.mp3
[2011/05/17 08:58:45 | 000,082,109 | -H-- | C] () -- C:\Documents and Settings\Scott\Desktop\Coupons_FullServiceOilCharg.pdf
[2011/03/24 14:07:51 | 000,015,046 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\5llj73pab5ow78267s3g78222pw8wce7t1f07y0s2g1c17j
[2011/03/24 14:07:51 | 000,015,046 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5llj73pab5ow78267s3g78222pw8wce7t1f07y0s2g1c17j
[2010/10/19 13:47:28 | 000,085,504 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/07 19:20:22 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ikdv.sys
[2010/08/25 21:01:57 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\neqiptb.sys
[2010/08/25 15:38:13 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Xxadoxebod.dat
[2010/08/25 15:38:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Ybacafesuj.bin
[2010/07/18 18:36:03 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\evner.sys
[2010/07/09 20:06:31 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hpuuq.sys
[2010/06/29 19:42:05 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\dhvgfg.sys
[2010/06/28 18:02:47 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\uddox.sys
[2010/06/07 22:23:16 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ojsk.sys
[2010/05/23 19:55:50 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\nxteocg.sys
[2010/02/13 22:54:05 | 000,116,764 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/02/13 14:55:19 | 000,000,221 | -H-- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/12/28 22:24:57 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\kcuyf.sys
[2009/12/11 19:46:18 | 000,003,584 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 23:18:31 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/21 11:00:54 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/15 14:57:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/08/03 16:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/26 14:05:32 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/16 11:44:03 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2009/06/16 11:03:31 | 000,176,235 | -H-- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/26 12:09:23 | 000,000,575 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009/04/15 16:12:53 | 000,093,684 | -H-- | C] () -- C:\WINDOWS\hpqins07.dat.temp
[2009/04/15 14:45:44 | 000,094,084 | -H-- | C] () -- C:\WINDOWS\hpqins07.dat
[2009/04/08 08:33:12 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/06 12:13:57 | 000,117,369 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2009/04/06 12:13:57 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2009/04/03 07:30:12 | 000,005,120 | -H-- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 07:26:08 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/04/01 10:20:03 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2009/04/01 10:06:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/01 10:02:50 | 000,023,376 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/01 01:57:30 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/01 01:56:36 | 000,156,360 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,600,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,118,246 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/19 16:14:31 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Scott\.plugin141_07.trace:SummaryInformation

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 02 June 2011 - 12:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets unhide the files and folders first, then remove some remnants. Once done can you let me know what problems remain

Download Unhide.exe to your desktop and run

ONCE COMPLETED

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{D561EA51-BE8C-4F11-B90E-18400C50D311}: C:\Documents and Settings\Scott\Local Settings\Application Data\{D561EA51-BE8C-4F11-B90E-18400C50D311} [2011/04/03 12:44:26 | 000,000,000 | -H-D | M]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    [2011/05/27 14:52:37 | 000,016,386 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
    [2011/05/27 14:52:37 | 000,016,386 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
    [2011/06/02 07:38:04 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\uioh329i.exe
    [2011/03/24 14:07:51 | 000,015,046 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\5llj73pab5ow78267s3g78222pw8wce7t1f07y0s2g1c17j
    [2011/03/24 14:07:51 | 000,015,046 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5llj73pab5ow78267s3g78222pw8wce7t1f07y0s2g1c17j

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Scott\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
    C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
    C:\Documents and Settings\Scott\Local Settings\Application Data\5llj73pab5ow78267s3g78222pw8wce7t1f07y0s2g1c17j
    C:\Documents and Settings\All Users\Application Data\5llj73pab5ow78267s3g78222pw8wce7t1f07y0s2g1c17j

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
everythingsm
Posted 02 June 2011 - 01:23 PM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Essexboy thanks so much for responding to my havoc.. your magic I can see my files again.

Below is the new log.



OTL logfile created on: 6/2/2011 12:10:04 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.87% Memory free
4.83 Gb Paging File | 4.14 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 12.34 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

Computer Name: SCOTT-213F49CC3 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/06/30 16:56:22 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/16 05:59:30 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/30 16:56:22 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/04/01 10:17:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 00:27:52 | 000,073,728 | -H-- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | -H-- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/05 14:11:21 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/04 17:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/10/12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 10:22:14 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/09/02 18:08:28 | 004,812,288 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 16:07:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/02 12:02:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110516154635.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -521
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([help] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1306968218859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238625505953 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Key error. (Java Plug-in 1.6.0_25)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...570/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 10:05:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 12:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/02 12:02:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/02 11:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\vlc
[2011/06/02 10:07:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/06/02 07:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/02 07:47:41 | 000,607,294 | R--- | C] (Swearware) -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/06/02 07:35:49 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup-1[1].51.0.1200.exe
[2011/05/31 16:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\InstallShield
[2011/05/31 08:14:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/31 07:18:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/31 07:18:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/31 07:18:52 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/05/31 07:17:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/31 05:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/05/31 02:19:40 | 000,000,000 | ---D | C] -- C:\ads
[2011/05/30 15:05:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Scott\Recent
[2011/05/30 10:06:56 | 000,000,000 | -H-D | C] -- C:\RECOVERY
[2011/05/18 14:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Start Menu\Programs\HiJackThis
[2011/05/18 14:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 12:09:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/02 12:08:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/02 12:07:03 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/02 12:06:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/02 12:02:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/02 11:55:59 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\unhide.exe
[2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/06/02 09:15:43 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Word 2007.lnk
[2011/06/02 07:47:44 | 000,607,294 | R--- | M] (Swearware) -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/06/02 07:35:59 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup-1[1].51.0.1200.exe
[2011/06/01 20:09:15 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/31 18:37:10 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2011/05/31 17:32:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/31 10:44:04 | 000,009,272 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\hijackthis053111
[2011/05/31 08:56:34 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Internet Explorer (No Add-ons) (2).lnk
[2011/05/31 08:13:36 | 000,156,360 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/31 07:20:50 | 002,015,808 | -H-- | M] () -- C:\WINDOWS\iis6.BAK
[2011/05/31 07:20:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/31 07:16:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/31 07:16:55 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/31 07:16:55 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/31 07:16:42 | 000,004,161 | -H-- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/31 07:14:29 | 000,023,376 | -H-- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/30 20:27:48 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/30 20:02:06 | 000,336,111 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/05/30 19:44:18 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 09:20:40 | 019,071,424 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\WatchmanCryBroadcast_162.mp3
[2011/05/17 08:58:45 | 000,082,109 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Coupons_FullServiceOilCharg.pdf
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 11:55:56 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\unhide.exe
[2011/05/31 10:44:04 | 000,009,272 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\hijackthis053111
[2011/05/31 08:56:34 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Internet Explorer (No Add-ons) (2).lnk
[2011/05/31 07:18:44 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/31 07:18:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/31 07:18:13 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/31 07:18:12 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/31 07:18:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/31 07:18:06 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/31 07:18:03 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/31 07:17:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/05/31 07:17:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/31 07:03:41 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/05/31 07:03:41 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/05/31 07:03:41 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/05/31 07:03:41 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/31 07:03:41 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/31 07:03:41 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/31 07:03:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/31 07:03:41 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/31 07:03:40 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/31 07:03:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/05/31 07:03:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/31 07:03:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/31 07:03:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/31 07:03:40 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/31 07:03:40 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/31 07:03:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/31 07:03:40 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/31 07:03:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/30 20:27:48 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/30 19:59:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Scott\Start Menu\Programs\Windows Media Player.lnk
[2011/05/30 19:20:36 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/25 09:21:10 | 019,071,424 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\WatchmanCryBroadcast_162.mp3
[2011/05/17 08:58:45 | 000,082,109 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Coupons_FullServiceOilCharg.pdf
[2010/10/19 13:47:28 | 000,085,504 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/07 19:20:22 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ikdv.sys
[2010/08/25 21:01:57 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\neqiptb.sys
[2010/08/25 15:38:13 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Xxadoxebod.dat
[2010/08/25 15:38:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Ybacafesuj.bin
[2010/07/18 18:36:03 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\evner.sys
[2010/07/09 20:06:31 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hpuuq.sys
[2010/06/29 19:42:05 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\dhvgfg.sys
[2010/06/28 18:02:47 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\uddox.sys
[2010/06/07 22:23:16 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ojsk.sys
[2010/05/23 19:55:50 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\nxteocg.sys
[2010/02/13 22:54:05 | 000,116,764 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/02/13 14:55:19 | 000,000,221 | -H-- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/12/28 22:24:57 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\kcuyf.sys
[2009/12/11 19:46:18 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 23:18:31 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/21 11:00:54 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/15 14:57:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/08/03 16:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/26 14:05:32 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/16 11:44:03 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2009/06/16 11:03:31 | 000,176,235 | -H-- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/26 12:09:23 | 000,000,575 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009/04/15 16:12:53 | 000,093,684 | -H-- | C] () -- C:\WINDOWS\hpqins07.dat.temp
[2009/04/15 14:45:44 | 000,094,084 | -H-- | C] () -- C:\WINDOWS\hpqins07.dat
[2009/04/08 08:33:12 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/06 12:13:57 | 000,117,369 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2009/04/06 12:13:57 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2009/04/03 07:30:12 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 07:26:08 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/04/01 10:20:03 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2009/04/01 10:06:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/01 10:02:50 | 000,023,376 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/01 01:57:30 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/01 01:56:36 | 000,156,360 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,600,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,118,246 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/19 16:14:31 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/03 11:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/01 10:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/02/19 20:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/06/16 11:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/04/02 10:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/02 10:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/04/03 11:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/05/05 11:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/04/02 12:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/20 10:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/04/06 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/18 02:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Cuni
[2009/04/07 11:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Explorer for Outlook Express
[2010/09/21 17:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Idokt
[2010/10/07 19:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Ifahi
[2009/05/20 18:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\ImgBurn
[2010/07/10 20:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Lakowe
[2010/02/21 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Research In Motion
[2009/07/28 12:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Scan2PDF
[2011/06/02 12:08:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/02 12:09:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Scott\.plugin141_07.trace:SummaryInformation

< End of report >
  • 0

#4
Essexboy
Posted 02 June 2011 - 02:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well lookee what that revealed :)

On completion of this run can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Key error. (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/05/31 02:19:40 | 000,000,000 | ---D | C] -- C:\ads
    [2010/08/25 21:01:57 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\neqiptb.sys
    [2010/08/25 15:38:13 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Xxadoxebod.dat
    [2010/08/25 15:38:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Ybacafesuj.bin
    [2010/07/18 18:36:03 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\evner.sys
    [2010/07/09 20:06:31 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hpuuq.sys
    [2010/06/29 19:42:05 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\dhvgfg.sys
    [2010/06/28 18:02:47 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\uddox.sys
    [2010/06/07 22:23:16 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ojsk.sys
    [2010/05/23 19:55:50 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\nxteocg.sys
    [2010/10/07 19:20:22 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ikdv.sys


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
everythingsm
Posted 02 June 2011 - 03:23 PM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Here ya go. I’m starting to get some hope, should I ?
1)Not trying to rush you with these questions but I tried to down load MalewareBytes with the same download problem ?
2)Looks like most all files are visible now except C Drive(still must check show hidden files to see those folders ?
3)Will what we are doing give me the ability to do a new XP Repair since my system did not finish the download or allow me to get updates still ? says I must be logged in as Admin and I should be ?

4) Tollbar on bottom still missing.

thanks

OTL logfile created on: 6/2/2011 2:12:14 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 75.01% Memory free
4.83 Gb Paging File | 4.24 Gb Available in Paging File | 87.72% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 12.34 Gb Free Space | 2.65% Space Free | Partition Type: NTFS
Drive X: | 465.76 Gb Total Space | 401.77 Gb Free Space | 86.26% Space Free | Partition Type: NTFS

Computer Name: SCOTT-213F49CC3 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/06/30 16:56:22 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/16 05:59:30 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/30 16:56:22 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/04/01 10:17:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 00:27:52 | 000,073,728 | -H-- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | -H-- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/05 14:11:21 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/04 17:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/10/12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 10:22:14 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/09/02 18:08:28 | 004,812,288 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 16:07:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/02 14:05:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110516154635.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -521
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([help] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1306968218859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238625505953 (MUWebControl Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...570/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 10:05:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5dd3256-418a-11de-9a81-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 14:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/02 12:02:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/02 11:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\vlc
[2011/06/02 10:07:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/06/02 07:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/02 07:47:41 | 000,607,294 | R--- | C] (Swearware) -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/06/02 07:35:49 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup-1[1].51.0.1200.exe
[2011/05/31 16:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\InstallShield
[2011/05/31 08:14:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/31 07:18:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/31 07:18:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/31 07:18:52 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/05/31 07:17:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/31 05:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/05/30 15:05:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Scott\Recent
[2011/05/30 10:06:56 | 000,000,000 | -H-D | C] -- C:\RECOVERY
[2011/05/18 14:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Start Menu\Programs\HiJackThis
[2011/05/18 14:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 30 Days ==========

[2011/06/02 14:12:24 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Word 2007.lnk
[2011/06/02 14:11:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/02 14:10:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/02 14:08:57 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/02 14:08:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/02 14:05:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/02 11:55:59 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\unhide.exe
[2011/06/02 10:07:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/06/02 07:47:44 | 000,607,294 | R--- | M] (Swearware) -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/06/02 07:35:59 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup-1[1].51.0.1200.exe
[2011/06/01 20:09:15 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/31 18:37:10 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2011/05/31 17:32:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/31 10:44:04 | 000,009,272 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\hijackthis053111
[2011/05/31 08:56:34 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Internet Explorer (No Add-ons) (2).lnk
[2011/05/31 08:13:36 | 000,156,360 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/31 07:20:50 | 002,015,808 | -H-- | M] () -- C:\WINDOWS\iis6.BAK
[2011/05/31 07:20:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/31 07:16:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/31 07:16:55 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/31 07:16:55 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/31 07:16:42 | 000,004,161 | -H-- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/31 07:14:29 | 000,023,376 | -H-- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/30 20:27:48 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/30 20:02:06 | 000,336,111 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/05/30 19:44:18 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 09:20:40 | 019,071,424 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\WatchmanCryBroadcast_162.mp3
[2011/05/17 08:58:45 | 000,082,109 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Coupons_FullServiceOilCharg.pdf

========== Files Created - No Company Name ==========

[2011/06/02 11:55:56 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\unhide.exe
[2011/05/31 10:44:04 | 000,009,272 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\hijackthis053111
[2011/05/31 08:56:34 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Internet Explorer (No Add-ons) (2).lnk
[2011/05/31 07:18:44 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/31 07:18:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/31 07:18:13 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/31 07:18:12 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/31 07:18:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/31 07:18:06 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/31 07:18:03 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/31 07:17:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/05/31 07:17:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/31 07:03:41 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/05/31 07:03:41 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/05/31 07:03:41 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/05/31 07:03:41 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/31 07:03:41 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/31 07:03:41 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/31 07:03:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/31 07:03:41 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/31 07:03:40 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/31 07:03:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/05/31 07:03:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/31 07:03:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/31 07:03:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/31 07:03:40 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/31 07:03:40 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/31 07:03:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/31 07:03:40 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/31 07:03:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/30 20:27:48 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/30 19:59:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Scott\Start Menu\Programs\Windows Media Player.lnk
[2011/05/30 19:20:36 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/25 09:21:10 | 019,071,424 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\WatchmanCryBroadcast_162.mp3
[2011/05/17 08:58:45 | 000,082,109 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Coupons_FullServiceOilCharg.pdf
[2010/10/19 13:47:28 | 000,085,504 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/13 22:54:05 | 000,116,764 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/02/13 14:55:19 | 000,000,221 | -H-- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/12/28 22:24:57 | 000,054,016 | -H-- | C] () -- C:\WINDOWS\System32\drivers\kcuyf.sys
[2009/12/11 19:46:18 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 23:18:31 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/21 11:00:54 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/15 14:57:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/08/03 16:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/26 14:05:32 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/16 11:44:03 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2009/06/16 11:03:31 | 000,176,235 | -H-- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/26 12:09:23 | 000,000,575 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009/04/15 16:12:53 | 000,093,684 | -H-- | C] () -- C:\WINDOWS\hpqins07.dat.temp
[2009/04/15 14:45:44 | 000,094,084 | -H-- | C] () -- C:\WINDOWS\hpqins07.dat
[2009/04/08 08:33:12 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/06 12:13:57 | 000,117,369 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2009/04/06 12:13:57 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2009/04/03 07:30:12 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 07:26:08 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/04/01 10:20:03 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2009/04/01 10:06:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/01 10:02:50 | 000,023,376 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/01 01:57:30 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/01 01:56:36 | 000,156,360 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,600,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,118,246 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/19 16:14:31 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/03 11:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/01 10:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/02/19 20:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/06/16 11:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/04/02 10:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/02 10:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/04/03 11:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/05/05 11:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/04/02 12:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/20 10:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/04/06 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/18 02:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Cuni
[2009/04/07 11:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Explorer for Outlook Express
[2010/09/21 17:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Idokt
[2010/10/07 19:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Ifahi
[2009/05/20 18:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\ImgBurn
[2010/07/10 20:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Lakowe
[2010/02/21 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Research In Motion
[2009/07/28 12:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Scan2PDF
[2011/06/02 14:10:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/02 14:11:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Scott\.plugin141_07.trace:SummaryInformation

< End of report >
  • 0

#6
Essexboy
Posted 02 June 2011 - 03:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if we can clear the remainder

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

First run the fixit on this page

If that fails then try the following

  • To open a command prompt, click Start > All Programs > Accessories
  • Copy and paste (or type) the following command in the command box box and then press ENTER:
    netsh winsock reset c:\resetlog.txt
  • Reboot the computer.
  • In next reply please post content of the file c:\resetlog.txt

NEXT

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
everythingsm
Posted 02 June 2011 - 05:12 PM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Your RogueKiller link had no working download I could find so I found this one on your site. It looks to be the same animal. Your link below FYI.
http://www.geekstogo...13-roguekiller/

I was not prompted to press 6 ? I pressed 1 then a report was generated.



RogueKiller V5.2.1 [06/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scott [Admin rights]
Mode: Scan -- Date : 06/02/2011 15:06:46
Bad processes: 0
Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
ÿ₫1
Finished : << \RKreport[1].txt >>
RKreport[1].txt




Microsoft Fix It – click on Icon and rebooted




COMBOFIX

ComboFix 11-06-02.02 - Scott 06/02/2011 15:50:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2386 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Scott\Application Data\Adobe\plugs
c:\documents and settings\Scott\Application Data\Adobe\shed
c:\documents and settings\Scott\Application Data\Idokt
c:\documents and settings\Scott\Application Data\Idokt\cymey.awo
c:\program files\Internet Explorer\SET157.tmp
c:\program files\Internet Explorer\SETC7.tmp
c:\program files\Internet Explorer\SETC8.tmp
c:\program files\Internet Explorer\SETCB.tmp
c:\program files\Internet Explorer\SETCC.tmp
c:\windows\system32\Drivers\kcuyf.sys
c:\windows\system32\logs
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 19:02 . 2011-06-02 19:02 -------- d-----w- C:\_OTL
2011-06-02 18:54 . 2011-06-02 18:54 -------- d-----w- c:\documents and settings\Scott\Application Data\vlc
2011-06-02 14:59 . 2011-06-02 14:59 -------- d-----w- c:\program files\Common Files\Java
2011-06-02 14:59 . 2011-04-14 12:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-01 00:30 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-01 00:30 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-05-31 23:57 . 2011-05-31 23:57 -------- d-----w- c:\documents and settings\Scott\Application Data\InstallShield
2011-05-31 14:18 . 2008-04-14 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2011-05-31 14:17 . 2008-04-14 12:00 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll
2011-05-31 14:03 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-05-31 14:03 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-05-31 14:03 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-05-31 14:03 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-05-31 12:39 . 2011-05-31 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-05-31 02:20 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-05-31 02:20 . 2008-04-14 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-05-30 21:44 . 2011-05-30 21:44 65536 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\1881E2.tmp
2011-05-30 17:06 . 2011-05-30 17:23 -------- d-----w- C:\RECOVERY
2011-05-30 16:29 . 2011-05-30 16:29 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-05-27 22:38 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{18203369-1C4E-4E53-B6D7-CBD98EF75552}\mpengine.dll
2011-05-18 21:55 . 2011-05-18 21:55 388096 ----a-r- c:\documents and settings\Scott\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-18 21:55 . 2011-05-18 21:55 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 16:11 . 2009-06-26 17:33 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 20:46 . 2009-05-09 21:20 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-04-14 21:01 . 2010-09-07 22:26 9344 ---ha-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01 . 2010-09-07 22:26 95824 ---ha-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 21:01 . 2010-09-07 22:26 88736 ---ha-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 21:01 . 2010-09-07 22:26 84488 ---ha-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01 . 2010-09-07 22:26 84200 ---ha-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 21:01 . 2010-09-07 22:26 56064 ---ha-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01 . 2010-09-07 22:26 387480 ---ha-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01 . 2010-09-07 22:26 314088 ---ha-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01 . 2009-04-01 20:47 52320 ---ha-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 21:01 . 2009-04-01 20:47 153280 ---ha-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 09:40 . 2009-11-04 07:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-01 17:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-06-16 12:59 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 ---ha-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 19:46 166912 ---ha-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 19:46 134656 ---ha-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 03:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-04-05 18:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 19:46 135680 ---ha-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-09-02 22:09 16851456 ---ha-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 20:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-10-13 04:24 2000112 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBTUCopy]
2005-04-27 08:43 356352 ----a-r- c:\program files\VBTUCopy\VBTUCopy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 12:07 PM 64288]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/7/2010 3:26 PM 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1352832]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/14/2010 1:55 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/7/2010 3:26 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [9/7/2010 3:26 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [9/7/2010 3:26 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [9/7/2010 3:26 PM 141792]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/7/2010 3:26 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/7/2010 3:26 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/7/2010 3:26 PM 88736]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/7/2010 3:26 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/7/2010 3:26 PM 84488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 12:59]
.
2011-06-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: download.microsoft.com
Trusted Zone: internet
Trusted Zone: live.com\help
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 15:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP00000026C647F436867E0CE3 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(1512)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\igfxrENU.lrc
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SearchProtocolHost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-06-02 16:02:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-02 23:02
.
Pre-Run: 13,093,326,848 bytes free
Post-Run: 12,991,512,576 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 34AF5BA421C0E09966154E1FDEA22908

Thanks
  • 0

#8
Essexboy
Posted 03 June 2011 - 09:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run RogueKiller again please but this time press 6

That was a secondary link you retrieved it from, the main page is in French though

Once done a log will be generated could you post that please along with what problems remain
  • 0

#9
everythingsm
Posted 03 June 2011 - 09:38 AM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Here ya go

Still no Taskbar, Windows update not available, still can't update Malawarebytes. This is what I see as remaing problems so far. Sorry for the first Rogue Report. I saw 1 in GREEN and thought I would be prompted to press 6 after the scan. Hope this is what you needed. Please let me know if not.


RogueKiller V5.2.1 [06/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scott [Admin rights]
Mode: Shortcuts HJfix -- Date : 06/03/2011 08:34:29

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 10 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 49 / Fail 0
My documents: Success 334 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 10073 / Fail 0
Backup: [NOT FOUND]

Finished : << \RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
  • 0

#10
Essexboy
Posted 03 June 2011 - 09:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Local drives: Success 10073 / Fail 0
Programs: Success 10 / Fail 0
User folder: Success 49 / Fail 0
My documents: Success 334 / Fail 0

That looks better

First run this fixit, download and extract the attached zip file then run the MS fixit
[attachment=50578:MicrosoftFixit50199.zip]

If that fails then try the following

  • To open a command prompt, click Start > All Programs > Accessories
  • Copy and paste (or type) the following command in the command box box and then press ENTER:
    netsh winsock reset c:\resetlog.txt
  • Reboot the computer.
  • In next reply please post content of the file c:\resetlog.txt

Once done then retry windows update
  • 0

Advertisements

#11
everythingsm
Posted 03 June 2011 - 11:10 AM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Great !!!!

- Windows XP over 90+ updates completed.
- I did not get Quick Launch back and the Media Player 11 Icon is the OLD Media Player Icon ? I only point this out cause it maybe something you can treek with registry not sure. I can rebuild if you tell me how.
- All Malware & Virus software will update.. EXCEPT MalwareBytes (In update are it says " I have current update" but in DATE: area NO DATE. I was going to remove and reinstall but wanted to wait on your direction.
- Should I run all Malware & Virus software.. will not until you tell me.

Looks like the light is getting closer.

Edited by everythingsm, 03 June 2011 - 11:17 AM.

  • 0

#12
Essexboy
Posted 03 June 2011 - 11:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I love progress :)

Ok for the missing taskbar, download the attached VBS (snaffled from Kellys Korner) unzip to your desktop and run

[attachment=50579:xp_taskbar_desktop_fixall.zip]

For malwarebytes - uninstall it and then download a fresh copy

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
everythingsm
Posted 03 June 2011 - 11:40 AM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
- Completed Taskbar fix. All of my Taskbar folders dissappeared (can they be retrieved ?)Selected Itunes for EXAMPLE an it will not show up in Quick Launch . I DID REBOOT AFTER FIX
- Tried to remove Malwarebytes .. sames error message below.
Internal error: cannot find ut compiled code record for this version of the uninstaller.

?

Edited by everythingsm, 03 June 2011 - 11:46 AM.

  • 0

#14
Essexboy
Posted 03 June 2011 - 11:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you mean the quick launch items ? Is quick launch enabled

Download and run MBAM clean

Reboot and then install a fresh version

EDIT: download the attached VBS extract to your desktop and run [attachment=50580:repairquicklaunch.zip]
  • 0

#15
everythingsm
Posted 03 June 2011 - 12:40 PM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
QuickLaunch, yes the items. It is enabled. I found I can rebuild by dragging ICONs. I like DISPLAY Desk TOP for trouble and couldn't find a way to do it but found the below link. I completed the RUN input but have not rebooted. It's not there yet... but very minor at this point.

http://www.tacktech....ay.cfm?ttid=332


PErfect MalwareBytes clean. Below is the report. IS my UNINSTALLER ok or was there just a prob with Malwarebytes removal in Add/Remove Programs ? I did have Dr Watson pop up when update SPybot but it went away and I wsa able to run a clean pass.. any prob there ?

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6764

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2011 11:21:43 AM
mbam-log-2011-06-03 (11-21-43).txt

Scan type: Quick scan
Objects scanned: 166121
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP