Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

No Internet Connection.... [Solved]

Started by hbkvcu , Aug 18 2012 11:33 PM

  • This topic is locked This topic is locked

#1
hbkvcu
Posted 18 August 2012 - 11:33 PM

hbkvcu

    Member

  • Member
  • PipPip
  • 25 posts
Hello Forum,

Whenever I start up my computer, my desktop will have the system32 window open (showing all the files in it) for no apparent reason. Then when I try to get on the internet, it won't connect and I am not sure why....I hope you can help me....I have attached the OTL below per your request:

OTL logfile created on: 8/19/2012 1:12:03 AM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Documents and Settings\Deborah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 58.78% Memory free
3.60 Gb Paging File | 3.09 Gb Available in Paging File | 85.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.23 Gb Free Space | 92.85% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 0.26 Gb Free Space | 7.02% Space Free | Partition Type: FAT32

Computer Name: DEBORAH-PIRC590 | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
PRC - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/19 08:21:26 | 000,308,392 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsShld.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/09 10:39:58 | 001,280,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/08/26 00:12:26 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/17 22:56:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/17 22:22:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/01/28 13:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/02 12:46:28 | 000,254,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/09/07 16:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/27 11:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/02/08 10:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/18 13:18:00 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 09:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 09:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 09:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/12 17:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/28 18:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/19 01:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/17 22:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]

[2012/08/02 12:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/08/02 21:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/17 22:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/02 19:09:49 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DEBORAH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MJV7UM8I.DEFAULT\EXTENSIONS\[email protected]
[2012/08/17 22:56:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/08 19:28:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/08 19:28:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/02 17:23:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120621205343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF0D8CDE-3410-4563-8B29-D1AE5269504D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 23:38:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/14 21:18:48 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 01:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2012/08/19 01:11:39 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/17 22:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/12 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\HPAppData
[2012/08/12 19:39:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/08/11 20:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/08/02 20:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Local Settings\Application Data\Sun
[2012/08/02 19:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/08/02 18:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/02 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/08/02 12:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Mozilla
[2012/08/02 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/31 20:55:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/31 18:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/29 19:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 18:36:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/21 17:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/21 17:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/21 14:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Malwarebytes
[2012/07/21 14:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/21 08:15:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Deborah\My Documents\My Videos
[2012/07/20 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Desktop\Lewis Ginter Pictures
[2012/07/20 21:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Desktop\New folder (10)
[2012/07/20 21:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Desktop\Desktop Music
[2012/07/20 20:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\My Documents\My Streaming Media
[2012/07/20 20:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Replay Media Catcher 4

========== Files - Modified Within 30 Days ==========

[2012/08/19 01:12:57 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/19 01:12:57 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/19 01:12:06 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2012/08/19 01:08:59 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/19 01:07:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/18 21:59:54 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 21:56:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/18 00:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 20:13:32 | 000,057,749 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/12 19:52:10 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/11 17:35:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/11 17:35:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/02 21:16:35 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/08/02 21:16:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/08/02 21:16:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/08/02 19:24:50 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 19:09:05 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/08/02 17:23:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/21 19:04:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/08/12 19:52:50 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/08/12 19:52:10 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/12 19:46:23 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 19:46:23 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2012/08/11 21:30:48 | 000,057,749 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/02 21:15:12 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/08/02 19:09:05 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/08/02 12:28:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/21 17:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/01 21:38:41 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/06/01 21:38:41 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2012/04/14 11:03:23 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/14 11:03:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/14 11:03:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/14 10:59:47 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/03/18 17:25:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 17:21:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 18:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/12 18:13:49 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\fusioncache.dat
[2011/11/12 17:19:42 | 000,116,910 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/11/12 17:19:42 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/11/12 16:37:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/11/12 16:36:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/11/11 17:38:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI
[2011/11/10 16:23:15 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/09 23:39:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 23:35:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 16:41:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 16:40:10 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/07 23:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdvancedRegistryClear
[2012/07/07 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/07 23:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\AdvancedRegistryClear
[2012/07/20 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\Replay Media Catcher 4

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 19 August 2012 - 05:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there have you just tried to clean an infection ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
O3 - HKLM\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#3
hbkvcu
Posted 19 August 2012 - 05:28 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

Yes...it's me again....It was almost a month ago when I had an infection...and now my laptop got into the wrong hands again. By the way, this laptop is supposed to be a laptop where my nieces and nephews play on....But now I will have to retire it once it's clean again. I will run the jobs you recommended and I will post hopefully later.

Thanks for your help and giving me mercy...LOL !!
  • 0

#4
hbkvcu
Posted 19 August 2012 - 11:11 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello Essexboy,

Here is the OTL log you requested:

OTL logfile created on: 8/20/2012 12:45:45 AM - Run 2
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Documents and Settings\Deborah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 75.30% Memory free
3.60 Gb Paging File | 3.31 Gb Available in Paging File | 91.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 217.32 Gb Free Space | 93.32% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 0.16 Gb Free Space | 4.40% Space Free | Partition Type: FAT32

Computer Name: DEBORAH-PIRC590 | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
PRC - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/09 10:39:58 | 001,280,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 17:17:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/01 20:20:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/22 21:03:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/22 20:59:43 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/22 20:59:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/17 22:56:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/17 22:22:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/01/28 13:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/02 12:46:28 | 000,254,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/09/07 16:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/27 11:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/02/08 10:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/18 13:18:00 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 09:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 09:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 09:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/12 17:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/28 18:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/20 00:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/17 22:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]

[2012/08/02 12:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/08/02 21:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/17 22:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/02 19:09:49 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DEBORAH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MJV7UM8I.DEFAULT\EXTENSIONS\[email protected]
[2012/08/17 22:56:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/08 19:28:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/08 19:28:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/20 00:39:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120621205343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF0D8CDE-3410-4563-8B29-D1AE5269504D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 23:38:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/14 21:18:48 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 00:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2012/08/20 00:39:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/19 01:11:39 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/17 22:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/12 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\HPAppData
[2012/08/12 19:39:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/08/11 20:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/08/02 20:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Local Settings\Application Data\Sun
[2012/08/02 19:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/08/02 18:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/02 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/08/02 12:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Mozilla
[2012/08/02 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/31 20:55:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/31 18:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/29 19:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 18:36:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/21 17:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/21 17:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/21 14:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Malwarebytes
[2012/07/21 14:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/21 08:15:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Deborah\My Documents\My Videos

========== Files - Modified Within 30 Days ==========

[2012/08/20 00:49:25 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/20 00:49:25 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/20 00:48:46 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2012/08/20 00:45:21 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/20 00:44:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/20 00:39:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/19 02:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/18 21:59:54 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 21:56:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 20:13:32 | 000,057,749 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/12 19:52:10 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/11 17:35:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/11 17:35:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/02 21:16:35 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/08/02 21:16:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/08/02 21:16:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/08/02 19:24:50 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 19:09:05 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/21 19:04:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/08/12 19:52:50 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/08/12 19:52:10 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/12 19:46:23 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 19:46:23 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2012/08/11 21:30:48 | 000,057,749 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/02 21:15:12 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/08/02 19:09:05 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/08/02 12:28:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/21 17:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/01 21:38:41 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/06/01 21:38:41 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2012/04/14 11:03:23 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/14 11:03:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/14 11:03:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/14 10:59:47 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/03/18 17:25:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 17:21:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 18:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/12 18:13:49 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\fusioncache.dat
[2011/11/12 17:19:42 | 000,116,910 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/11/12 17:19:42 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/11/12 16:37:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/11/12 16:36:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/11/11 17:38:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI
[2011/11/10 16:23:15 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/09 23:39:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 23:35:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 16:41:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 16:40:10 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/07 23:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdvancedRegistryClear
[2012/07/07 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/07 23:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\AdvancedRegistryClear
[2012/07/20 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\Replay Media Catcher 4

========== Purity Check ==========



< End of report >


Here is the ComboFix log:

ComboFix 12-08-18.03 - Deborah 08/20/2012 0:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1093 [GMT -4:00]
Running from: c:\documents and settings\Deborah\Desktop\ComboFix.exe
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 04:39 . 2012-08-20 04:39 -------- d-----w- C:\_OTL
2012-08-13 00:33 . 2012-08-18 03:27 -------- d-----w- c:\documents and settings\Deborah\Application Data\HPAppData
2012-08-12 23:56 . 2009-06-01 23:36 315392 ----a-r- c:\windows\system32\hpwvst01.dll
2012-08-12 23:56 . 2009-05-18 21:33 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-08-12 23:56 . 2009-05-18 21:33 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-08-12 23:56 . 2009-06-01 23:36 966656 ----a-r- c:\windows\system32\hpwtiop5.dll
2012-08-12 23:56 . 2009-06-01 23:36 749568 ----a-r- c:\windows\system32\hpwwiax6.dll
2012-08-12 00:47 . 2012-08-12 00:55 -------- d-----w- c:\windows\SxsCaPendDel
2012-08-03 01:15 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-03 01:15 . 2010-09-07 20:08 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2012-08-03 00:18 . 2012-08-03 00:18 -------- d-----w- c:\documents and settings\Deborah\Local Settings\Application Data\Sun
2012-08-02 22:59 . 2012-08-02 22:59 -------- d-----w- c:\program files\Common Files\Java
2012-08-02 21:36 . 2012-08-06 00:18 -------- d-----w- c:\program files\FileHippo.com
2012-08-02 16:28 . 2012-08-19 01:59 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-29 23:21 . 2012-08-02 22:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-29 23:21 . 2012-08-02 22:58 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-29 23:20 . 2012-08-02 22:58 -------- d-----w- c:\program files\Java
2012-07-28 22:36 . 2012-07-28 22:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-07-21 18:42 . 2012-07-21 18:42 -------- d-----w- c:\documents and settings\Deborah\Application Data\Malwarebytes
2012-07-21 18:41 . 2012-07-21 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 02:22 . 2012-04-07 00:03 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 02:22 . 2011-11-11 21:33 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 22:58 . 2012-04-14 14:53 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-28 22:40 . 2011-11-09 20:42 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-07-06 13:58 . 2002-08-29 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-11-10 03:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2002-08-29 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2011-11-11 17:34 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2011-11-12 20:36 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2002-08-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-08-29 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-11-11 17:34 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-11-11 17:34 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-11-11 17:34 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-11-11 17:34 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-11-10 03:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2002-08-29 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-11-11 17:34 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-11-10 03:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-08-18 02:56 . 2012-08-18 02:56 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2010-03-09 1280016]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe" [2012-04-04 815512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NvCplDaemon"="c:\windows\SYSTEM32\NVCPL.DLL" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 16:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"hpqwmiex"=2 (0x2)
"HP Status Server"=3 (0x3)
"HP Port Resolver"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/29/2011 12:59 AM 89792]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [11/29/2011 1:04 AM 235024]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/28/2011 7:20 PM 290832]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/29/2011 1:00 AM 151880]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/29/2011 12:59 AM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/29/2011 12:59 AM 83856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/14/2012 11:00 AM 100712]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [11/29/2011 1:00 AM 161632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 8:03 PM 250568]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/29/2011 12:59 AM 57600]
S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [11/29/2011 1:02 AM 203080]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/29/2011 12:59 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/29/2011 12:59 AM 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8/2/2012 12:28 PM 114144]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [11/11/2011 11:44 AM 254568]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 02:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: ICF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 01:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_262_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_262_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\ICF.dll
.
Completion time: 2012-08-20 01:01:42
ComboFix-quarantined-files.txt 2012-08-20 05:01
.
Pre-Run: 233,273,151,488 bytes free
Post-Run: 233,247,416,320 bytes free
.
- - End Of File - - 3E1ED3CA3D1658AB255FD990891222A7


Here is the Farbar Service Scanner log:

Farbar Service Scanner Version: 06-08-2012
Ran by Deborah (administrator) on 20-08-2012 at 01:05:11
Running from "C:\Documents and Settings\Deborah\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#5
Essexboy
Posted 20 August 2012 - 06:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you try to connect what error do you get ? As FSS can access the net quite happily

Could you open IE and copy/paste the following into the address bar http://74.125.224.72/
Press enter and let me know what happens
  • 0

#6
hbkvcu
Posted 20 August 2012 - 07:39 AM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

I don't get an error when I pull up the internet. I copied and pasted the link into IE and it brought me to the Google website. I think the internet part of the problem is fixed....but I'll let you be the judge :-)

The system32 window still keeps coming up whenever I start Windows....

Thanks !!
  • 0

#7
Essexboy
Posted 20 August 2012 - 08:11 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have located a small vbs programme that should cure the system32 problem

Download the attached Zip file to your desktop
[attachment=59924:xp_system32opens.zip]
Extract the VBS inside to the desktop
Double click this file and allow it to run

Reboot.. Has it gone ?

What problems remain
  • 0

#8
hbkvcu
Posted 20 August 2012 - 08:55 AM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

After running it, a pop up box comes up and says:

"The script cannot repair your issue. The expected registry value was not found"
  • 0

#9
Essexboy
Posted 20 August 2012 - 11:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try OTL and this ..


What are the current problems you are experiencing

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
O4 - HKLM..\Run: [] File not found

:Commands
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#10
hbkvcu
Posted 20 August 2012 - 12:52 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I still get the system32 box after it rebooted and before I ran OTL again

Here are the new OTL results:

OTL logfile created on: 8/20/2012 2:37:58 PM - Run 3
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Documents and Settings\Deborah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 75.27% Memory free
3.60 Gb Paging File | 3.32 Gb Available in Paging File | 92.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.64 Gb Free Space | 93.03% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 0.16 Gb Free Space | 4.40% Space Free | Partition Type: FAT32

Computer Name: DEBORAH-PIRC590 | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
PRC - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/09 10:39:58 | 001,280,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 17:17:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/01 20:20:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/22 21:03:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/22 20:59:43 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/22 20:59:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/17 22:56:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/17 22:22:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/01/28 13:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Deborah\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/02 12:46:28 | 000,254,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/09/07 16:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/27 11:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/02/08 10:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/18 13:18:00 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 09:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 09:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 09:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/12 17:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/28 18:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/20 10:52:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/17 22:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]

[2012/08/02 12:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/08/02 21:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/17 22:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/02 19:09:49 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DEBORAH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MJV7UM8I.DEFAULT\EXTENSIONS\[email protected]
[2012/08/17 22:56:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/08 19:28:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/08 19:28:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/20 01:00:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120621205343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF0D8CDE-3410-4563-8B29-D1AE5269504D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 23:38:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/14 21:18:48 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 10:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2012/08/20 01:04:33 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Deborah\Desktop\FSS.exe
[2012/08/20 00:54:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/20 00:54:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/20 00:54:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/20 00:54:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/20 00:54:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 00:52:29 | 004,735,580 | R--- | C] (Swearware) -- C:\Documents and Settings\Deborah\Desktop\ComboFix.exe
[2012/08/20 00:39:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/19 01:11:39 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/17 22:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/12 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\HPAppData
[2012/08/12 19:39:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/08/11 20:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/08/02 20:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Local Settings\Application Data\Sun
[2012/08/02 19:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/08/02 18:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/02 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/08/02 12:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Mozilla
[2012/08/02 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/31 18:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/29 19:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 18:36:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/21 17:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/21 17:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/21 14:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Malwarebytes
[2012/07/21 14:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2012/08/20 15:08:42 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.vbs
[2012/08/20 14:41:46 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/20 14:41:45 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/20 14:41:32 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2012/08/20 14:37:29 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/20 14:37:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/20 10:37:26 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.zip
[2012/08/20 07:52:19 | 000,333,609 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\11437$hk-1.jpg
[2012/08/20 07:52:11 | 000,065,970 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\jrAug3_large.jpg
[2012/08/20 07:52:04 | 000,077,973 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\Wpv12i_large.jpg
[2012/08/20 07:45:25 | 000,078,474 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\YuYpQZ_large.jpg
[2012/08/20 07:44:57 | 000,086,607 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\II40hj_large.jpg
[2012/08/20 07:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/20 07:14:58 | 000,038,244 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\292409_10150994627032643_529774652_n.jpg
[2012/08/20 04:03:35 | 435,571,563 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\bkb8912500k.wmv
[2012/08/20 02:10:02 | 154,611,607 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\22934.flv
[2012/08/20 01:38:39 | 001,781,747 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\Allyson_Felix_on_the_Tonight_Show_-_Blackgirl_Online.flv
[2012/08/20 01:30:02 | 001,781,747 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\MYA_Live_LIV_CQ_-_YouTube.flv
[2012/08/20 01:23:12 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/20 01:00:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/19 19:16:20 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Deborah\Desktop\FSS.exe
[2012/08/19 19:14:38 | 004,735,580 | R--- | M] (Swearware) -- C:\Documents and Settings\Deborah\Desktop\ComboFix.exe
[2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/18 21:59:54 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 21:56:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 20:13:32 | 000,057,749 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/12 19:52:10 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/11 17:35:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/11 17:35:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/02 21:16:35 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/08/02 21:16:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/08/02 21:16:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/08/02 19:24:50 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 19:09:05 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/21 19:04:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/08/20 10:51:06 | 000,000,573 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.vbs
[2012/08/20 10:50:33 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.zip
[2012/08/20 07:52:18 | 000,333,609 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\11437$hk-1.jpg
[2012/08/20 07:52:10 | 000,065,970 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\jrAug3_large.jpg
[2012/08/20 07:52:04 | 000,077,973 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\Wpv12i_large.jpg
[2012/08/20 07:45:25 | 000,078,474 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\YuYpQZ_large.jpg
[2012/08/20 07:44:56 | 000,086,607 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\II40hj_large.jpg
[2012/08/20 07:14:58 | 000,038,244 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\292409_10150994627032643_529774652_n.jpg
[2012/08/20 01:41:25 | 435,571,563 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\bkb8912500k.wmv
[2012/08/20 01:38:33 | 001,781,747 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\Allyson_Felix_on_the_Tonight_Show_-_Blackgirl_Online.flv
[2012/08/20 01:37:13 | 154,611,607 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\22934.flv
[2012/08/20 01:29:52 | 001,781,747 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\MYA_Live_LIV_CQ_-_YouTube.flv
[2012/08/20 01:25:00 | 006,525,213 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\02 - Drum Beats.mp3
[2012/08/20 01:24:30 | 004,361,854 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\Fellowship Chicago Live_ Awesome.mp3
[2012/08/20 00:54:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/20 00:54:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/20 00:54:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/20 00:54:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/20 00:54:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/12 19:52:50 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/08/12 19:52:10 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/12 19:46:23 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 19:46:23 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2012/08/11 21:30:48 | 000,057,749 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/02 21:15:12 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/08/02 19:09:05 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/08/02 12:28:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/21 17:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/01 21:38:41 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/06/01 21:38:41 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2012/04/14 11:03:23 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/14 11:03:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/14 11:03:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/14 10:59:47 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/03/18 17:25:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 17:21:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 18:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/12 18:13:49 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\fusioncache.dat
[2011/11/12 17:19:42 | 000,116,910 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/11/12 17:19:42 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/11/12 16:37:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/11/12 16:36:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/11/11 17:38:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI
[2011/11/10 16:23:15 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/09 23:39:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 23:35:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 16:41:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 16:40:10 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/07 23:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdvancedRegistryClear
[2012/07/07 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/07 23:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\AdvancedRegistryClear
[2012/07/20 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\Replay Media Catcher 4

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#11
Essexboy
Posted 20 August 2012 - 12:57 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies, could you run OTL with all users selected please as I need to check all run keys
  • 0

#12
hbkvcu
Posted 20 August 2012 - 01:34 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I did the Quick Scan....I wasn't sure if you wanted me to click Run Scan....


OTL logfile created on: 8/20/2012 3:09:37 PM - Run 4
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Documents and Settings\Deborah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 75.21% Memory free
3.60 Gb Paging File | 3.31 Gb Available in Paging File | 92.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.64 Gb Free Space | 93.03% Space Free | Partition Type: NTFS

Computer Name: DEBORAH-PIRC590 | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
PRC - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/09 10:39:58 | 001,280,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 17:17:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/01 20:20:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/22 21:03:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/22 20:59:43 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/22 20:59:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/17 22:56:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/17 22:22:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 18:58:33 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/01/28 13:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Deborah\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/02 12:46:28 | 000,254,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/09/07 16:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/27 11:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/02/08 10:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/18 13:18:00 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 09:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 09:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 09:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/12 17:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-583907252-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1417001333-583907252-839522115-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1417001333-583907252-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1417001333-583907252-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1417001333-583907252-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1417001333-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/28 18:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/20 14:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/17 22:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/12 19:54:12 | 000,000,000 | ---D | M]

[2012/08/02 12:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions
[2012/08/12 20:12:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/08/02 21:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\mjv7um8i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/17 22:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/17 22:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/02 19:09:49 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DEBORAH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MJV7UM8I.DEFAULT\EXTENSIONS\[email protected]
[2012/08/17 22:56:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/08 19:28:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/08 19:28:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/20 01:00:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120621205343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-583907252-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-583907252-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-583907252-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-583907252-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKU\S-1-5-21-1417001333-583907252-839522115-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1417001333-583907252-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1417001333-583907252-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF0D8CDE-3410-4563-8B29-D1AE5269504D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 23:38:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2012/08/20 01:04:33 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Deborah\Desktop\FSS.exe
[2012/08/20 00:54:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/20 00:54:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/20 00:54:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/20 00:54:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/20 00:54:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 00:52:29 | 004,735,580 | R--- | C] (Swearware) -- C:\Documents and Settings\Deborah\Desktop\ComboFix.exe
[2012/08/20 00:39:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/19 01:11:39 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/17 22:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/12 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\HPAppData
[2012/08/12 19:39:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/08/11 20:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/08/02 20:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Local Settings\Application Data\Sun
[2012/08/02 19:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/08/02 18:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/02 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/08/02 12:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Mozilla
[2012/08/02 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/31 18:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/29 19:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 18:36:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/21 17:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/21 17:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2012/08/20 15:13:06 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/20 15:13:05 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/20 15:12:44 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2012/08/20 15:08:51 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/20 15:08:42 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.vbs
[2012/08/20 15:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/20 10:37:26 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.zip
[2012/08/20 07:52:19 | 000,333,609 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\11437$hk-1.jpg
[2012/08/20 07:52:11 | 000,065,970 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\jrAug3_large.jpg
[2012/08/20 07:52:04 | 000,077,973 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\Wpv12i_large.jpg
[2012/08/20 07:45:25 | 000,078,474 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\YuYpQZ_large.jpg
[2012/08/20 07:44:57 | 000,086,607 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\II40hj_large.jpg
[2012/08/20 07:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/20 07:14:58 | 000,038,244 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\292409_10150994627032643_529774652_n.jpg
[2012/08/20 04:03:35 | 435,571,563 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\bkb8912500k.wmv
[2012/08/20 02:10:02 | 154,611,607 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\22934.flv
[2012/08/20 01:38:39 | 001,781,747 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\Allyson_Felix_on_the_Tonight_Show_-_Blackgirl_Online.flv
[2012/08/20 01:30:02 | 001,781,747 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\MYA_Live_LIV_CQ_-_YouTube.flv
[2012/08/20 01:23:12 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/20 01:00:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/19 19:16:20 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Deborah\Desktop\FSS.exe
[2012/08/19 19:14:38 | 004,735,580 | R--- | M] (Swearware) -- C:\Documents and Settings\Deborah\Desktop\ComboFix.exe
[2012/08/19 00:38:54 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/08/18 21:59:54 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 21:56:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/08/12 20:31:53 | 000,204,339 | ---- | M] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 20:13:32 | 000,057,749 | ---- | M] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/12 19:52:10 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/11 17:35:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/11 17:35:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/02 21:16:35 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/08/02 21:16:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/08/02 21:16:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/08/02 19:24:50 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 19:09:05 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/21 19:04:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/08/20 10:51:06 | 000,000,573 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.vbs
[2012/08/20 10:50:33 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\xp_system32opens.zip
[2012/08/20 07:52:18 | 000,333,609 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\11437$hk-1.jpg
[2012/08/20 07:52:10 | 000,065,970 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\jrAug3_large.jpg
[2012/08/20 07:52:04 | 000,077,973 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\Wpv12i_large.jpg
[2012/08/20 07:45:25 | 000,078,474 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\YuYpQZ_large.jpg
[2012/08/20 07:44:56 | 000,086,607 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\II40hj_large.jpg
[2012/08/20 07:14:58 | 000,038,244 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\292409_10150994627032643_529774652_n.jpg
[2012/08/20 01:41:25 | 435,571,563 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\bkb8912500k.wmv
[2012/08/20 01:38:33 | 001,781,747 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\Allyson_Felix_on_the_Tonight_Show_-_Blackgirl_Online.flv
[2012/08/20 01:37:13 | 154,611,607 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\22934.flv
[2012/08/20 01:29:52 | 001,781,747 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\MYA_Live_LIV_CQ_-_YouTube.flv
[2012/08/20 01:25:00 | 006,525,213 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\02 - Drum Beats.mp3
[2012/08/20 01:24:30 | 004,361,854 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\Fellowship Chicago Live_ Awesome.mp3
[2012/08/20 00:54:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/20 00:54:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/20 00:54:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/20 00:54:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/20 00:54:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/12 19:52:50 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/08/12 19:52:10 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/08/12 19:51:12 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/08/12 19:46:23 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2012/08/12 19:46:23 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2012/08/11 21:30:48 | 000,057,749 | ---- | C] () -- C:\Documents and Settings\Deborah\Desktop\HP Installation Error - XP.hta
[2012/08/02 21:15:12 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/08/02 19:09:05 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/08/02 12:28:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/02 12:28:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/21 17:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/01 21:38:41 | 000,204,339 | ---- | C] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/06/01 21:38:41 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2012/04/14 11:03:23 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/14 11:03:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/14 11:03:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/14 10:59:47 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/03/18 17:25:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 17:21:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 18:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/12 18:13:49 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\fusioncache.dat
[2011/11/12 17:19:42 | 000,116,910 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/11/12 17:19:42 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/11/12 16:37:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/11/12 16:36:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/11/11 17:38:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI
[2011/11/10 16:23:15 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/09 23:39:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 23:35:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 16:41:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 16:40:10 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/07 23:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdvancedRegistryClear
[2012/07/07 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/07 23:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\AdvancedRegistryClear
[2012/07/20 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\Replay Media Catcher 4

========== Purity Check ==========



< End of report >
  • 0

#13
Essexboy
Posted 20 August 2012 - 03:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm the two usual areas are not showing what I thought

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#14
hbkvcu
Posted 20 August 2012 - 08:39 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

Here are the results:

"Silent Runners.vbs", revision 64, http://www.silentrunners.org/
Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics, Inc.]
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.]
ICF = C:\Program Files\Internet Content Filter\mfp.exe -noact [McAfee, Inc.]
Adobe Acrobat Speed Launcher = "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe" [Adobe Systems Incorporated]
Acrobat Assistant 8.0 = "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe" [Adobe Systems Inc.]
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
NvCplDaemon = C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP [file not found]
nwiz = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [NVIDIA Corporation]
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM…CLSID} = &Yahoo! Toolbar Helper
\InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Inc.]

{0347C33E-8762-4905-BF09-768834316C61}\(Default) = HP Print Enhancer
-> {HKLM…CLSID} = HP Print Enhancer
\InProcServer32\(Default) = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [Hewlett-Packard Co.]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java™ Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = scriptproxy
-> {HKLM…CLSID} = scriptproxy
\InProcServer32\(Default) = C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120621205343.dll [McAfee, Inc.]

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
-> {HKLM…CLSID} = McAfee SiteAdvisor BHO
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java™ Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\(Default) = (no title provided)
-> {HKLM…CLSID} = SingleInstance Class
\InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [Yahoo! Inc]

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = HP Smart BHO Class
-> {HKLM…CLSID} = HP Smart BHO Class
\InProcServer32\(Default) = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext
-> {HKLM…CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\System32\hticons.dll [Hilgraeve, Inc.]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics, Inc.]

{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM…CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM…CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll [MS]

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM…CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper
-> {HKLM…CLSID} = NVIDIA CPL Extension
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer
-> {HKLM…CLSID} = Desktop Explorer
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu
-> {HKLM…CLSID} = nView Desktop Context Menu
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
-> {HKLM…CLSID} = WPDShServiceObj Class
\InProcServer32\(Default) = C:\WINDOWS\system32\WPDShServiceObj.dll [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> application/x-mfe-ipt\CLSID = {3EF5086B-5478-4598-A054-786C45D75692}
-> {HKLM…CLSID} = McInternetProtocolRoot Class
\InProcServer32\(Default) = c:\progra~1\mcafee\msc\mcsniepl.dll [McAfee, Inc.]

<<!>> text/xml\CLSID = {807553E5-5146-11D5-A672-00B0D022E945}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> dssrequest\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
-> {HKLM…CLSID} = McAfee SACore Protocol Handler
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]

<<!>> mso-offdap\CLSID = {3D9F03FA-7A94-11D3-BE81-0050048385D1}
-> {HKLM…CLSID} = Data Page Pluggable Protocol mso-offdap Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL [MS]

<<!>> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384}
-> {HKLM…CLSID} = Data Page Plugable Protocal mso-offdap11 Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS]

<<!>> sacore\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
-> {HKLM…CLSID} = McAfee SACore Protocol Handler
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}
-> {HKLM…CLSID} = McCtxFrmWrk Class
\InProcServer32\(Default) = c:\progra~1\mcafee\msc\mcctxm~1.dll [McAfee, Inc.]

PowerZip\(Default) = {FF463FE9-8DA1-11D1-B516-E5028A4DAE22}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\PowerZip\PZShlExt.dll [Trident Software Pty Ltd]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

00nView\(Default) = {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
-> {HKLM…CLSID} = nView Desktop Context Menu
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439}
-> {HKLM…CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM…CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}
-> {HKLM…CLSID} = McCtxFrmWrk Class
\InProcServer32\(Default) = c:\progra~1\mcafee\msc\mcctxm~1.dll [McAfee, Inc.]

PowerZip\(Default) = {FF463FE9-8DA1-11D1-B516-E5028A4DAE22}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\PowerZip\PZShlExt.dll [Trident Software Pty Ltd]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

PowerZip\(Default) = {FE84CD16-3985-4A0B-B34C-8398D8AA8612}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\PowerZip\PZShlExt.dll [Trident Software Pty Ltd]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\web\wallpaper\Bliss.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\WINDOWS\web\wallpaper\Bliss.bmp


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPAutoplayExpress\
Provider = HP Photosmart Express Software
InvokeProgID = HpqUnApl.Autoplay
InvokeVerb = Express
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Express\DropTarget\CLSID = {57FA3F08-E36E-4820-9CC4-122D46114993}
-> {HKLM…CLSID} = (no title provided)
\LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard]

HPUnloadAutoplay\
Provider = HP Photosmart Transfer Software
InvokeProgID = HpqUnApl.Autoplay
InvokeVerb = Play
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = {E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}
-> {HKLM…CLSID} = (no title provided)
\LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard]

MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]


Startup items in "Deborah" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor -> shortcut to: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.]


Enabled Scheduled Tasks:
------------------------

Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
ICF.dll [McAfee, Inc.], 01 - 02, 16
%SystemRoot%\system32\mswsock.dll [MS], 03 - 15


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor
-> {HKLM…CLSID} = McAfee SiteAdvisor Toolbar
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} = (no title provided)
-> {HKLM…CLSID} = Yahoo! Toolbar
\InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Inc.]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided)
-> {HKLM…CLSID} = HP Smart Web Printing
\InProcServer32\(Default) = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll [Hewlett-Packard Co.]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research

{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
ButtonText = Show or hide HP Smart Web Printing
CLSIDExtension = {DDE87865-83C5-48c4-8357-2F5B1AA84522}
-> {HKLM…CLSID} = ClipBookBtn Class
\InProcServer32\(Default) = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Program Files\Messenger\msmsgs.exe [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = (no title provided)
-> {HKLM…CLSID} = McAfee SiteAdvisor Toolbar
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]
<<H>> {EF99BD32-C1FB-11D2-892F-0090271D4F88} = (no title provided)
-> {HKLM…CLSID} = Yahoo! Toolbar
\InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Inc.]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Family Protection Update Service, fpUpdateSvc, C:\Program Files\Internet Content Filter\UpdateService.exe [McAfee, Inc.]
HP CUE DeviceDiscovery Service, hpqddsvc, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]}
HP Network Devices Support, HPSLPSVC, C:\WINDOWS\system32\svchost.exe -k HPService {C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [Hewlett-Packard Co.]}
hpqcxs08, hpqcxs08, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]}
IHA_MessageCenter, IHA_MessageCenter, "C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [null data]
Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
McAfee Anti-Spam Service, MSK80Service, "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee McShield, McShield, "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [McAfee, Inc.]
McAfee Network Agent, McNASvc, "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Personal Firewall Service, McMPFSvc, "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Proxy Service, McProxy, "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Services, mcmscsvc, "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Validation Trust Protection Service, mfevtp, "C:\WINDOWS\system32\mfevtps.exe" [McAfee, Inc.]
McAfee VirusScan Announcer, McNaiAnn, "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
Net Driver HPZ12, Net Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZinw12.dll [Hewlett-Packard]}
NVIDIA Display Driver Service, nvsvc, C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZipm12.dll [Hewlett-Packard]}


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> mcmscsvc, (title not found)
<<!>> MCODS, (title not found)

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> McMPFSvc, Service
<<!>> mcmscsvc, (title not found)
<<!>> MCODS, (title not found)
<<!>> mfefire, Driver
<<!>> mfefirek, Driver
<<!>> mfefirek.sys, Driver
<<!>> mfehidk, Driver
<<!>> mfehidk.sys, Driver
<<!>> mfevtp, Driver
<<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (title not found)


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = HpTcpMon.dll [Hewlett Packard]
Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS]
PCL hpf3l70w.dll\Driver = hpf3l70w.dll [Hewlett-Packard Company]
PCL hpz3l054\Driver = hpz3l054.dll [Hewlett-Packard Company]


---------- (launch time: 2012-08-20 22:35:17)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 58 seconds.
---------- (total run time: 149 seconds)
  • 0

#15
Essexboy
Posted 21 August 2012 - 07:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if it returns after this reboot

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :Reg
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon=-

:Commands
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP