Skynet keeps returning, Yahoo/Google Redirecting [Solved]


#1 msmaine
New Member, 7 posts
I believe I'm infected with the Skynet virus. I am able to quarantine it with McAfee, but it returns almost instantly. I have tried several scans (Malwarebytes, McAfee, Windows Defender, etc.) with no luck.

I have just finished your suggested steps in your "Malware and Spyware Cleaning Guide" and still have the redirecting. This problem seems to have come about the same time I installed a Windows Update and upgraded to IE8. Don't know if there's a connection. Anyway, I have since uninstalled IE8 and returned to IE7, trying all McAfee and Malwarebytes scans with both versions. Also, when I first start a McAfee scan, it generates an error, but it seems to do the scan.

Below are the requested logs.

MalwareBytes:

Malwarebytes' Anti-Malware 1.38
Database version: 2319
Windows 5.1.2600 Service Pack 3

6/21/2009 9:26:38 PM
mbam-log-2009-06-21 (21-26-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 355540
Time elapsed: 1 hour(s), 30 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------------------

OTL Log

OTL logfile created on: 6/22/2009 10:28:55 AM - Run 1
OTL by OldTimer - Version 3.0.4.0 Folder = C:\Documents and Settings\Charlie\My Documents\Forecast
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.83% Memory free
3.85 Gb Paging File | 2.93 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.15 Gb Total Space | 160.35 Gb Free Space | 69.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONICA
Current User Name: Charlie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\crypserv.exe (Kenonic Controls Ltd.)
PRC - C:\WINDOWS\System32\dlcqcoms.exe ( )
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe ()
PRC - C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Photo AIO Printer 966\memcard.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe (iS3, Inc.)
PRC - C:\Documents and Settings\Charlie\My Documents\Forecast\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (Crypkey License [Auto | Running]) -- C:\WINDOWS\System32\crypserv.exe (Kenonic Controls Ltd.)
SRV - (dlcq_device [Auto | Running]) -- C:\WINDOWS\System32\dlcqcoms.exe ( )
SRV - (DSBrokerService [Disabled | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (sprtsvc_medicsp2 [Auto | Running]) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (szserver [Auto | Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (6250spi [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\6250spi.sys ()
DRV - (Ai2sXP [System | Running]) -- C:\WINDOWS\System32\drivers\Ai2sXP.sys (Ai Squared )
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Running]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NetworkX [System | Running]) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (szkg5 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\S-1-5-21-3382224880-1433472317-2579583254-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\S-1-5-21-3382224880-1433472317-2579583254-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/19 10:59:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/31 20:47:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/18 17:53:22 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AhIeBho Class) - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.0\AHOI\ah_ie_bho.dll (Ai Squared )
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (no name) - {CB553457-2B13-44E6-935E-02A89939D483} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DLCQCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.DLL ()
O4 - HKLM..\Run: [dlcqmon.exe] C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] File not found
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 966\memcard.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tgcmd] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005..\Run: [DelayShred] c:\Program Files\McAfee\MSHR\ShrCL.exe ()
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005..\Run: [DellSupport] File not found
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe File not found
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007..\Run: [DellSupport] File not found
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1005_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3382224880-1433472317-2579583254-1007_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/06/18 17:44:46 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/06/18 17:44:46 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/06/18 17:44:46 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/06/18 17:44:46 | 00,000,000 | ---D | M]
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Julianna\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.a...ad/tgctlins.cab (Support.com Installer)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229615147078 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yaho...alls/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo....plorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...469/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.40 24.92.226.41
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ddcDspMD) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/22 08:50:47 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/22 08:37:19 | 00,000,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2009/06/22 08:37:16 | 00,002,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/06/21 19:42:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/21 19:39:59 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\NTREGOPT.lnk
[2009/06/21 19:39:59 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\ERUNT.lnk
[2009/06/21 19:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/20 10:16:00 | 21,455,38048 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/19 23:32:54 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\Spybot - Search & Destroy.lnk
[2009/06/19 23:32:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/06/19 23:32:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/19 23:23:22 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/06/19 23:17:03 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/19 23:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/06/18 23:13:02 | 00,003,515 | ---- | C] () -- C:\rollback.ini
[2009/06/18 21:52:32 | 00,000,446 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/06/18 21:52:22 | 00,030,496 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/18 21:52:22 | 00,001,484 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/06/18 21:52:22 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/06/18 21:52:22 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/06/18 21:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/06/18 21:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/18 21:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Local Settings\Application Data\Downloaded Installations
[2009/06/18 21:15:41 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/06/18 18:54:58 | 00,003,964 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/06/18 18:51:11 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/06/18 18:51:11 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/06/18 18:51:11 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/06/18 18:51:11 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/06/18 18:51:11 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/06/18 18:51:11 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/06/18 18:51:11 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/06/18 18:51:11 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/06/18 18:51:10 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/06/18 18:51:10 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/06/18 18:51:10 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/06/18 18:51:10 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/06/18 18:46:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/17 16:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/06/17 16:54:48 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/06/17 16:54:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/06/17 16:54:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/06/17 11:56:45 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 06:08:43 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9975C0D4-B0EE-4C0A-A6D7-77B9181608CF}.job
[2009/06/10 21:25:10 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/10 21:25:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/10 21:25:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/10 21:23:45 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/10 21:20:41 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/06/10 21:20:41 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/05/28 14:16:24 | 00,017,408 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2009/05/28 14:15:22 | 00,294,912 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2009/05/28 14:14:56 | 00,540,672 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2008/12/17 22:17:33 | 00,877,110 | -HS- | C] () -- C:\WINDOWS\System32\nmnpVvut.ini
[2008/12/17 13:19:31 | 00,890,401 | -HS- | C] () -- C:\WINDOWS\System32\DMpsDcdd.ini
[2007/12/21 16:10:52 | 00,011,465 | ---- | C] () -- C:\WINDOWS\System32\drivers\6250spi.sys
[2007/07/21 20:56:57 | 00,000,694 | ---- | C] () -- C:\WINDOWS\LandexRemote.ini
[2007/03/29 11:55:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/03/29 11:55:41 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/03/29 11:55:01 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\DLCQhcp.dll
[2007/03/29 11:55:01 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\DLCQinst.dll
[2007/03/29 11:53:52 | 00,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcqcoin.dll
[2007/01/21 17:31:32 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/21 17:31:32 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\6A50A5410A.sys
[2006/10/20 20:26:34 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcqinsr.dll
[2006/10/20 20:25:50 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcqcur.dll
[2006/10/20 20:22:56 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcqjswr.dll
[2006/10/20 20:17:44 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcqinsb.dll
[2006/10/20 20:17:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcqcub.dll
[2006/10/20 20:15:26 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcqcu.dll
[2006/10/20 20:14:52 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcqins.dll
[2006/10/20 20:09:14 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcqutil.dll
[2006/10/20 19:46:42 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcqgrd.dll
[2006/10/11 18:41:42 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqinpa.dll
[2006/10/11 18:01:40 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqpmui.dll
[2006/10/11 17:59:56 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqserv.dll
[2006/10/11 17:54:10 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqcomm.dll
[2006/10/11 17:52:34 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqlmpm.dll
[2006/10/11 17:51:16 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqiesc.dll
[2006/10/11 17:48:58 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqpplc.dll
[2006/10/11 17:48:14 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqcomc.dll
[2006/10/11 17:47:42 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqprox.dll
[2006/10/11 17:41:04 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqusb1.dll
[2006/10/11 17:37:14 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcqhbn3.dll
[2006/10/06 20:41:06 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/06 06:12:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlcqcfg.dll
[2006/08/14 17:32:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcqcaps.dll
[2006/08/08 15:58:04 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcqdrs.dll
[2006/07/17 10:36:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/05/21 15:14:08 | 00,000,092 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/05/09 10:10:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcqcnv4.dll
[2006/04/30 00:34:04 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/25 03:11:18 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcqvs.dll
[2006/04/13 23:18:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 23:18:24 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2006/02/04 13:54:00 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/29 21:49:59 | 00,000,046 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2005/12/29 21:49:55 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2005/12/29 21:49:55 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2005/12/29 21:49:46 | 00,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2005/12/09 20:42:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/08 19:05:29 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/08 18:44:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/01 15:04:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/01 14:55:13 | 00,004,179 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/01 14:49:53 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/12/01 14:49:42 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/12/01 14:49:42 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/01 14:49:36 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/12/01 14:27:28 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2005/12/01 14:27:28 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/12/01 14:27:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/12/01 14:26:50 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 10:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,000,639 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/14 15:30:28 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll

========== Files - Modified Within 30 Days ==========

[2009/06/22 10:30:19 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9975C0D4-B0EE-4C0A-A6D7-77B9181608CF}.job
[2009/06/22 09:36:53 | 00,002,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/06/22 08:57:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/22 08:44:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/22 08:39:30 | 00,042,369 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/22 08:37:22 | 00,000,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2009/06/22 08:37:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/22 08:36:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/22 08:36:54 | 21,455,38048 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/21 19:39:59 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\NTREGOPT.lnk
[2009/06/21 19:39:59 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\ERUNT.lnk
[2009/06/20 18:00:00 | 00,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/06/20 08:54:53 | 00,004,179 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/06/19 23:32:54 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\Spybot - Search & Destroy.lnk
[2009/06/19 19:16:45 | 00,030,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/19 19:16:45 | 00,001,484 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/06/19 19:16:45 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/06/19 19:16:45 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/06/19 09:48:26 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\Microsoft Word.lnk
[2009/06/18 23:13:02 | 00,003,515 | ---- | M] () -- C:\rollback.ini
[2009/06/18 18:54:59 | 00,003,964 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/06/18 14:51:13 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/18 11:13:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/17 11:56:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/12 18:40:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/11 10:05:40 | 00,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/10 11:23:04 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\Microsoft Access.lnk
[2009/06/09 23:02:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/08 10:05:20 | 00,000,694 | ---- | M] () -- C:\WINDOWS\LandexRemote.ini
[2009/06/02 11:17:27 | 00,075,776 | ---- | M] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/01 04:00:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
[2009/06/01 01:00:43 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/05/28 14:37:21 | 00,356,864 | ---- | M] () -- C:\Documents and Settings\Charlie\My Documents\checkbook-register.xls
[2009/05/28 14:16:24 | 00,017,408 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2009/05/28 14:15:22 | 00,294,912 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2009/05/28 14:14:56 | 00,540,672 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
< End of report >

---------------------------------------------------------------------

Extra Log


OTL Extras logfile created on: 6/22/2009 8:57:51 AM - Run 1
OTL by OldTimer - Version 3.0.4.0 Folder = C:\Documents and Settings\Charlie\My Documents\Forecast
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.68% Memory free
3.85 Gb Paging File | 3.12 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.15 Gb Total Space | 160.36 Gb Free Space | 69.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONICA
Current User Name: Charlie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"2467:UDP" = 2467:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2466:UDP" = 2466:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2469:UDP" = 2469:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger File not found
C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox (Yahoo!)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Common Files\AOL\1160181748\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1160181748\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire ()
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Lexmark Communications System ( )
C:\Program Files\adelphia hsagent\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher (SupportSoft, Inc.)
C:\Program Files\ZoomText 8.0\Zt8.exe:*:Disabled:ZoomText 8 (Ai Squared )
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\AIM\AIM Pro\aimpro.exe:*:Enabled:AIM Pro File not found
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{237a4b22-78c2-11d6-a394-00104bd190b1}" = QuickBooks Pro Edition 2003
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EB5618E-E9CB-436A-841E-E68767E63A01}" = STOPzilla
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{50CD37D1-FB6B-41A8-A8F9-BA1ECB9BF231}" = Eragon Print Studio
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FB6053A-C51D-4508-A7FD-75F2C0C921AD}" = Picaboo 2.0.406
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = The Sims Makin' Magic
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A0A96A-98FA-4D3D-B536-0FF961872C9A}" = VuGo Desktop Application
"{C1A6B23C-438E-4D08-B508-4E830CA8F335}" = IBM ViaVoice TTS Runtime v6.610 - US English
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ED205C61-14B7-11D6-868F-000347127095}" = ZoomText 8.0
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"3DGroove" = OTOY
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"American Greetings Crafts! 1.00" = American Greetings Crafts! 1.00
"American Greetings® Art & More Store" = American Greetings® Art & More Store
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Citrix Program Neighborhood" = Citrix Program Neighborhood
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 966" = Dell Photo AIO Printer 966
"EphPod" = EphPod
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LANDEX Remote_is1" = LANDEX Remote
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MuVo Driver" = Creative Mass Storage Drivers
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
"UnityWebPlayer" = Unity Web Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2009 12:09:54 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:33:16 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:33:16 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:33:18 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:33:19 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:37:15 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:37:15 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:40:38 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:40:38 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:41:54 AM | Computer Name = MONICA | Source = MsiInstaller | ID = 11706
Description = Product: Jasc Paint Shop Photo Album 5 -- Error 1706.No valid source
could be found for product Jasc Paint Shop Photo Album 5. The Windows Installer
cannot continue.

[ System Events ]
Error - 6/20/2009 10:14:50 AM | Computer Name = MONICA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/20/2009 10:14:55 AM | Computer Name = MONICA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/20/2009 10:21:11 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2009 10:44:22 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2009 6:29:10 PM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2009 8:16:12 PM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2009 9:29:08 PM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2009 9:56:16 PM | Computer Name = MONICA | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 6/21/2009 9:52:24 PM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/22/2009 8:48:36 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).


< End of report >

----------------------------------------------------------------

Rooter Log

Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 4 Stepping 3, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:229 Go - Free:160 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
¨
Scan : 08:49.51
Path : C:\Documents and Settings\Charlie\My Documents\Forecast\Rooter.exe
User : Charlie ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (608)
______ \??\C:\WINDOWS\system32\csrss.exe (656)
______ \??\C:\WINDOWS\system32\winlogon.exe (684)
______ C:\WINDOWS\system32\services.exe (732)
______ C:\WINDOWS\system32\lsass.exe (744)
______ C:\WINDOWS\system32\Ati2evxx.exe (1008)
______ C:\WINDOWS\system32\svchost.exe (1028)
______ C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (1136)
______ C:\WINDOWS\system32\svchost.exe (1176)
______ C:\Program Files\Windows Defender\MsMpEng.exe (1296)
______ C:\WINDOWS\System32\svchost.exe (1340)
______ C:\WINDOWS\system32\svchost.exe (1436)
______ C:\WINDOWS\system32\spoolsv.exe (1620)
______ C:\WINDOWS\system32\svchost.exe (1856)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1888)
______ C:\WINDOWS\system32\CTsvcCDA.exe (1904)
______ C:\WINDOWS\system32\crypserv.exe (1944)
______ C:\WINDOWS\system32\dlcqcoms.exe (1964)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2032)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (316)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (524)
______ c:\program files\common files\mcafee\mna\mcnasvc.exe (544)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (120)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (1408)
______ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (1524)
______ C:\Program Files\McAfee\MSK\MskSrver.exe (1568)
______ C:\Program Files\twc\medicsp2\bin\sprtsvc.exe (2224)
______ C:\WINDOWS\system32\svchost.exe (2368)
______ C:\WINDOWS\system32\MsPMSPSv.exe (2496)
______ C:\WINDOWS\system32\svchost.exe (2552)
______ C:\WINDOWS\System32\alg.exe (3224)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (4076)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (1392)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (2548)
______ C:\WINDOWS\Explorer.EXE (2812)
______ C:\Program Files\STOPzilla!\STOPzilla.exe (3092)
______ C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (3684)
______ C:\WINDOWS\system32\Rundll32.exe (3692)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (3708)
______ C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe (3716)
______ C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe (3892)
______ C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (3940)
______ C:\Program Files\Dell Photo AIO Printer 966\memcard.exe (3964)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (3992)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1596)
______ C:\Program Files\Java\jre6\bin\jusched.exe (508)
______ C:\Program Files\Windows Defender\MSASCui.exe (1108)
______ C:\WINDOWS\system32\ctfmon.exe (2140)
______ C:\Program Files\DellSupport\DSAgnt.exe (3824)
______ C:\WINDOWS\system32\msiexec.exe (2196)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (2592)
______ C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (2792)
______ C:\Program Files\Internet Explorer\iexplore.exe (5364)
______ c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe (5836)
______ C:\Documents and Settings\Charlie\My Documents\Forecast\Rooter.exe (3888)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:246051025920)
\Device\Harddisk0\Partition3 (Start_Offset:246108602880 | Length:3882332160)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\dfrg.job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\ParetoLogic Registration.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{9975C0D4-B0EE-4C0A-A6D7-77B9181608CF}.job
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 08:50.47
¨
C:\Rooter$\Rooter_1.txt - (22/06/2009 | 08:50.47)

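Three things in the logs above deserve a second look before any tool is run: the firewall exception list carries enabled allow rules whose binaries no longer exist (a file later dropped at that path inherits the exception) and rules whose binaries report no publisher at all; the System event log shows the McAfee Scanner service "terminated unexpectedly" seven times in two days, which on a box with a redirect problem reads as tampering rather than a crash; and the Application log repeats Userenv 1041 for two GUID-named Group Policy client-side extensions whose DllName cannot be read. The script below is an added example, not code from the post, from OTL or from Rooter. It parses the line formats exactly as printed above; the regular expressions are my reading of those formats, the crash threshold of three is an arbitrary choice, reading empty parentheses as "no publisher string" is my interpretation of OTL's output, and the sample input consists of lines copied from the log in this post.

```python
"""Triage of two blocks from the OTL log above: the firewall exceptions and the
"Last 10 Event Log Errors". Added example, not code from the post, OTL or Rooter;
the regexes encode my reading of the line formats as printed above."""
import re
from collections import Counter

# <path>:<scope>:<Enabled|Disabled>:<rule name> (<publisher>); OTL appends
# "File not found" for a missing binary and prints "()" / "( )" for no publisher.
FW_RE = re.compile(r"^(?P<path>.+?):[^:]*:(?P<state>Enabled|Disabled):(?P<rest>.*)$")
EVT_RE = re.compile(r"^Error - (?P<ts>\S+ \S+ \S+) \| Computer Name = \S+"
                    r" \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")
CRASH_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
GPEXT_RE = re.compile(r"cannot query DllName registry entry for (\{[0-9A-Fa-f-]+\})")


def triage_firewall(text):
    """(path, reason) for each *enabled* exception worth a look: a missing binary is
    a stale allow rule that any file dropped at that path inherits; no publisher
    string means unsigned/stripped and worth a hash lookup."""
    findings = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if not m or m.group("state") != "Enabled":
            continue
        if m.group("rest").endswith("File not found"):
            findings.append((m.group("path"), "stale: binary missing"))
        elif re.search(r"\(\s*\)\s*$", m.group("rest")):
            findings.append((m.group("path"), "no publisher"))
    return findings


def parse_events(text):
    """One dict per 'Error - ...' header, with its wrapped Description lines joined."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = EVT_RE.match(line)
        if m:
            cur = {"ts": m.group("ts"), "src": m.group("src"), "id": int(m.group("id")), "desc": ""}
            events.append(cur)
        elif cur is not None and line:
            line = line[len("Description = "):] if line.startswith("Description = ") else line
            cur["desc"] = (cur["desc"] + " " + line).strip()
        else:
            cur = None  # a blank line (or a section header) ends the record
    return events


def repeated_service_crashes(events, threshold=3):
    """SCM 7034 count per service; a security service that keeps 'terminating
    unexpectedly' is a tampering indicator, not a crash to restart and forget."""
    counts = Counter()
    for e in events:
        if e["src"] == "Service Control Manager" and e["id"] == 7034:
            m = CRASH_RE.match(e["desc"])
            if m:
                counts[m.group("svc")] += 1
    return {svc: n for svc, n in counts.items() if n >= threshold}


def dangling_gp_extensions(events):
    """Userenv 1041: a Group Policy client-side extension registered under
    HKLM\\...\\Winlogon\\GPExtensions whose DllName cannot be read. Returns the
    GUID subkeys to inspect (an orphaned registration is a classic leftover)."""
    guids = set()
    for e in events:
        if e["src"] == "Userenv" and e["id"] == 1041:
            m = GPEXT_RE.search(e["desc"])
            if m:
                guids.add(m.group(1).upper())
    return sorted(guids)


# Sample input: lines copied from the OTL log in the post above.
SAMPLE_FIREWALL = r"""
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire ()
C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Lexmark Communications System ( )
C:\Program Files\ZoomText 8.0\Zt8.exe:*:Disabled:ZoomText 8 (Ai Squared )
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath File not found
"""
SAMPLE_EVENTS = """
Error - 6/22/2009 8:33:16 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/22/2009 8:33:18 AM | Computer Name = MONICA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/20/2009 10:21:11 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2009 10:44:22 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2009 6:29:10 PM | Computer Name = MONICA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).
"""
```

Run against the samples, `triage_firewall` returns the two "File not found" rules and the two rules with empty parentheses (the disabled ZoomText rule and the Microsoft-signed Explorer rule are skipped), `repeated_service_crashes` reports McAfee Scanner at three, and `dangling_gp_extensions` returns the two GUIDs so they can be compared against the GPExtensions subkeys on the machine. Only the findings are automated; deciding whether a stale rule is harmless or whether a dying scanner service is being killed still needs the investigator.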

#2
BHowett (OT Moderator, 4,649 posts)
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again.

Please do the following:

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double-click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

#3
msmaine (Topic Starter, New Member, 7 posts)
ComboFix seemed to run.

Here's the log:


ComboFix 09-06-21.01 - Charlie 06/22/2009 13:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1603 [GMT -4:00]
Running from: c:\documents and settings\Charlie\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETcvndoyrt.sys
c:\windows\system32\SKYNETlgfjmpxp.dat
c:\windows\system32\SKYNETskamvjvd.dll
c:\windows\system32\SKYNETtivmqrsu.dat
c:\windows\system32\SKYNETylkixvni.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\DMpsDcdd.ini
c:\windows\system32\drivers\SKYNETcvndoyrt.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\nmnpVvut.ini
c:\windows\system32\o4Patch.exe
c:\windows\system32\SKYNETlgfjmpxp.dat
c:\windows\system32\SKYNETskamvjvd.dll
c:\windows\system32\SKYNETtivmqrsu.dat
c:\windows\system32\SKYNETylkixvni.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETjecwynmm


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 12:50 . 2009-06-22 15:22 -------- d-----w- C:\Rooter$
2009-06-21 23:39 . 2009-06-21 23:40 -------- d-----w- c:\program files\ERUNT
2009-06-21 00:26 . 2009-06-21 00:26 -------- d-----w- c:\documents and settings\Charlie\.limewire
2009-06-20 03:32 . 2009-06-20 03:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-20 03:32 . 2009-06-20 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-20 03:23 . 2009-06-20 03:23 -------- d-----w- C:\VundoFix Backups
2009-06-20 03:13 . 2009-06-20 03:13 -------- d-----w- c:\program files\Windows Defender
2009-06-19 01:52 . 2009-06-19 23:16 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-19 01:52 . 2009-06-19 23:16 30496 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-19 01:44 . 2009-06-19 23:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-19 01:44 . 2009-06-19 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-19 01:41 . 2009-06-19 01:41 -------- d-----w- c:\documents and settings\Charlie\Local Settings\Application Data\Downloaded Installations
2009-06-19 01:15 . 2009-06-19 01:28 -------- d-----w- c:\program files\Exterminate It!
2009-06-18 22:46 . 2009-06-18 22:46 -------- d-----w- c:\program files\Trend Micro
2009-06-18 21:53 . 2009-06-18 21:53 152576 ----a-w- c:\documents and settings\Charlie\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 21:34 . 2009-06-18 21:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-18 17:57 . 2009-06-18 17:58 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 20:56 . 2009-06-18 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-17 20:54 . 2009-06-17 20:54 -------- d-----w- c:\program files\STOPzilla!
2009-06-17 20:54 . 2009-06-22 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-17 20:54 . 2009-06-17 20:54 -------- d-----w- c:\program files\Common Files\iS3
2009-06-13 15:44 . 2009-06-13 15:44 -------- d-sh--w- c:\documents and settings\Michael\IECompatCache
2009-06-13 15:43 . 2009-06-13 15:43 -------- d-sh--w- c:\documents and settings\Michael\PrivacIE
2009-06-13 00:00 . 2009-05-19 05:35 10544 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\imappver.dll
2009-06-13 00:00 . 2009-05-19 05:35 1025328 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\gui.dll
2009-06-13 00:00 . 2009-05-19 05:36 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-06-13 00:00 . 2007-08-17 13:34 107872 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aolsetup.exe
2009-06-13 00:00 . 2009-05-19 05:36 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-06-13 00:00 . 2009-05-19 05:36 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-06-13 00:00 . 2009-05-19 05:35 120368 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aoldlmgr.exe
2009-06-13 00:00 . 2009-05-19 05:35 69104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amos.exe
2009-06-13 00:00 . 2009-05-19 05:35 37888 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amoinst.exe
2009-06-13 00:00 . 2009-05-19 05:35 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLFirewallMgr.dll
2009-06-13 00:00 . 2009-05-19 05:35 550024 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMLang.exe
2009-06-13 00:00 . 2009-05-19 05:35 2402104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMinst.exe
2009-06-12 19:28 . 2009-06-12 19:28 -------- d-sh--w- c:\documents and settings\Dominic\PrivacIE
2009-06-12 19:26 . 2009-06-12 19:26 -------- d-sh--w- c:\documents and settings\Dominic\IETldCache
2009-06-12 18:19 . 2009-06-12 18:19 -------- d-sh--w- c:\documents and settings\Michael\IETldCache
2009-06-12 10:09 . 2009-06-12 10:09 -------- d-sh--w- c:\documents and settings\Charlie\IECompatCache
2009-06-11 12:15 . 2009-06-11 12:15 -------- d-sh--w- c:\documents and settings\Carina\PrivacIE
2009-06-11 12:14 . 2009-06-11 12:14 -------- d-sh--w- c:\documents and settings\Carina\IETldCache
2009-06-11 10:02 . 2009-06-11 10:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 09:59 . 2009-06-11 09:59 -------- d-sh--w- c:\documents and settings\Charlie\PrivacIE
2009-06-11 09:57 . 2009-06-11 09:57 -------- d-sh--w- c:\documents and settings\Charlie\IETldCache
2009-06-11 01:25 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:25 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:25 . 2009-06-18 15:13 -------- d-----w- c:\windows\ie8updates
2009-06-11 01:23 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-11 01:20 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-11 01:20 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-05-30 22:09 . 2009-05-30 22:09 249856 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-05-30 22:09 . 2009-05-30 22:09 466944 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2009-05-30 22:04 . 2007-11-21 08:48 126976 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\PlayFirst.exe
2009-05-28 18:16 . 2009-05-28 18:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 18:15 . 2009-05-28 18:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 18:14 . 2009-05-28 18:14 540672 ----a-r- c:\windows\system32\SZComp5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 17:53 . 2005-12-10 00:26 -------- d-----w- c:\program files\Dl_cats
2009-06-22 17:52 . 2009-06-22 17:52 424 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-06-22 17:52 . 2009-06-22 17:52 1128 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-06-20 14:45 . 2008-10-06 02:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-19 23:16 . 2009-06-19 01:52 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-19 23:16 . 2009-06-19 01:52 1484 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-19 01:34 . 2005-12-01 19:01 -------- d-----w- c:\program files\McAfee
2009-06-18 21:53 . 2005-12-01 18:44 -------- d-----w- c:\program files\Java
2009-06-18 21:42 . 2006-02-03 21:55 -------- d-----w- c:\program files\Yahoo! Games
2009-06-18 21:42 . 2005-12-09 13:50 -------- d-----w- c:\program files\Three Rings Design
2009-06-18 21:41 . 2007-12-21 20:10 -------- d-----w- c:\program files\Power Ranger
2009-06-18 21:40 . 2005-12-10 00:27 -------- d-----w- c:\program files\Jasc Software Inc
2009-06-18 21:38 . 2006-08-19 20:51 -------- d-----w- c:\program files\Google
2009-06-18 21:19 . 2005-12-10 00:27 -------- d-----w- c:\documents and settings\Charlie\Application Data\Jasc Software Inc
2009-06-18 17:58 . 2008-12-20 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 14:54 . 2009-05-16 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-17 15:27 . 2008-12-20 00:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-20 00:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 03:02 . 2008-06-22 23:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-19 05:36 . 2009-06-13 00:01 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-13 00:01 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-13 00:01 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-13 00:01 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-13 00:01 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:35 . 2009-06-13 00:01 11568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbinst.dll
2009-05-19 05:35 . 2009-06-13 00:01 376568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unagi3.exe
2009-05-19 05:35 . 2009-06-13 00:01 383128 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbsetup.exe
2009-05-19 05:35 . 2009-06-13 00:01 4480040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpinst.exe
2009-05-19 05:35 . 2009-06-13 00:01 15144 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpchk.dll
2009-05-19 05:35 . 2009-06-13 00:01 74536 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\instSup.dll
2009-05-19 05:35 . 2009-06-13 00:01 231216 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\migrator.exe
2009-05-19 05:35 . 2009-06-13 00:01 1225352 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\msvc9rt.exe
2009-05-19 05:35 . 2009-06-13 00:01 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\postproc.exe
2009-05-19 05:35 . 2009-06-13 00:01 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\setup.exe
2009-05-19 05:35 . 2009-06-13 00:01 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ProgUpd.dll
2009-05-17 13:42 . 2009-05-17 13:42 -------- d-----w- c:\documents and settings\Carina\Application Data\PlayFirst
2009-05-15 21:12 . 2009-05-15 21:12 -------- d-----w- c:\program files\Unity
2009-05-12 18:13 . 2009-05-12 18:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-07 15:32 . 2004-08-11 23:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-11 23:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-17 12:26 . 2004-08-11 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-11 23:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-04 21:12 . 2007-12-25 22:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-03 20:32 . 2008-12-18 00:59 52224 ----a-w- c:\documents and settings\Dominic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 23:17 . 2007-10-08 17:13 52224 ----a-w- c:\documents and settings\Carina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 19:28 . 2009-04-01 19:28 52224 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 02:45 . 2005-12-10 00:49 52224 ----a-w- c:\documents and settings\Charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-27 14:56 . 2009-03-27 14:56 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-03-27 14:55 . 2009-03-27 14:55 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-03-27 14:55 . 2009-03-27 14:55 372736 ----a-r- c:\windows\system32\IS3UI5.dll
2009-03-27 14:55 . 2009-03-27 14:55 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-03-27 14:54 . 2009-03-27 14:54 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-03-27 14:54 . 2009-03-27 14:54 221184 ----a-r- c:\windows\system32\IS3Win325.dll
2009-03-27 14:54 . 2009-03-27 14:54 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-03-27 14:53 . 2009-03-27 14:53 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-03-27 14:50 . 2009-03-27 14:50 716800 ----a-r- c:\windows\system32\IS3Base5.dll
2009-03-25 15:06 . 2007-02-27 20:51 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 15:06 . 2007-02-27 20:51 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 15:06 . 2007-02-27 20:51 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 15:06 . 2007-02-27 20:51 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 15:05 . 2007-02-27 20:51 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2008-03-26 13:18 . 2007-01-21 21:31 104 --sh--r- c:\windows\system32\6A50A5410A.sys
2008-03-26 13:18 . 2007-01-21 21:31 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2006-12-12 291720]
"DLCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"tgcmd"="c:\program files\Adelphia HSAgent\bin\tgcmd.exe" [2004-01-06 1855488]
"medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2008-02-01 198184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-05 180269]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 966\memcard.exe" [2006-12-12 304008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-12-12 312200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-7-24 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Charlie^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Charlie\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\adelphia hsagent\\bin\\tgcmd.exe"=
"c:\\Program Files\\ZoomText 8.0\\Zt8.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"2467:UDP"= 2467:UDP:Windows Media Format SDK (iexplore.exe)
"2466:UDP"= 2466:UDP:Windows Media Format SDK (iexplore.exe)
"2469:UDP"= 2469:UDP:Windows Media Format SDK (iexplore.exe)

R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [12/29/2005 9:49 PM 5760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/5/2008 8:57 PM 210216]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [4/6/2008 7:54 PM 202280]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 6250spi;Elan USB Bridge Service;c:\windows\system32\drivers\6250spi.sys [12/21/2007 4:10 PM 11465]
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-01 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-11 11:00]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-27 14:53]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-27 14:53]

2009-06-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-06-22 c:\windows\Tasks\User_Feed_Synchronization-{9975C0D4-B0EE-4C0A-A6D7-77B9181608CF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 15:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{CB553457-2B13-44E6-935E-02A89939D483} - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Julianna\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: musicmatch.com\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 13:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(3944)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\Crypserv.exe
c:\windows\system32\dlcqcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-06-22 14:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 18:00

Pre-Run: 172,094,640,128 bytes free
Post-Run: 172,609,564,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4
359 --- E O F --- 2009-06-19 03:12
  • 0
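The ComboFix log above dumps the firewall-policy and Security Center keys as REGEDIT4 text, and those lines carry the posture information a helper reads first: whether the Windows Firewall standard profile is enabled, whether Security Center monitoring has been switched off for a product, and how many ports are globally open. The Python below, added here as an example and not part of ComboFix, the Geeks to Go guide or anything the posters ran, parses that format and reports those three items. The SAMPLE_DUMP text is constructed from a few of the keys in the posted log; the key-suffix strings and the finding wording are assumptions of this example.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix-style REGEDIT4 dump and
flag weakened Windows XP firewall / Security Center settings.

Added example for this thread; not part of ComboFix or any tool named above.
"""
import re

# Constructed sample: a trimmed copy of the relevant keys from the posted log.
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"2467:UDP"= 2467:UDP:Windows Media Format SDK (iexplore.exe)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')


def parse_regedit4(text):
    """Return {key_path: {value_name: raw_data}} for a REGEDIT4-style dump.

    ComboFix abbreviates HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet as
    'HKLM\\~'; key paths are kept exactly as written and matched later by
    case-insensitive suffix, so both spellings work.
    """
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def parse_dword(raw):
    """Accept both 'dword:00000001' and ComboFix's '0 (0x0)' renderings."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw.split()[0], 0)


def find_key(keys, suffix):
    """Locate the first key whose path ends with `suffix` (case-insensitive)."""
    for path in keys:
        if path.lower().endswith(suffix.lower()):
            return keys[path]
    return None


def audit_firewall_posture(text):
    """Return a list of human-readable findings worth following up on."""
    keys = parse_regedit4(text)
    findings = []
    # Security Center: a product-specific DisableMonitoring=1 suppresses alerts.
    for path, values in keys.items():
        if r"security center\monitoring" in path.lower():
            if parse_dword(values.get("DisableMonitoring", "0")) == 1:
                product = path.rsplit("\\", 1)[-1]
                findings.append("Security Center monitoring disabled for %s" % product)
    # Windows Firewall standard profile: EnableFirewall=0 means it is off.
    profile = find_key(keys, r"firewallpolicy\standardprofile")
    if profile is not None and parse_dword(profile.get("EnableFirewall", "1")) == 0:
        findings.append("Windows Firewall (standard profile) is disabled")
    # Globally open ports: each value is an inbound exception for all programs.
    ports = find_key(keys, r"GloballyOpenPorts\List") or {}
    if ports:
        findings.append("%d globally open port rule(s): %s"
                        % (len(ports), ", ".join(sorted(ports))))
    return findings


if __name__ == "__main__":
    for finding in audit_firewall_posture(SAMPLE_DUMP):
        print("-", finding)
```

On the sample it reports the disabled standard-profile firewall, the two DisableMonitoring entries and four open-port rules. Third-party suites such as the McAfee installation in this log commonly write the DisableMonitoring values themselves when they take over alerting, so treat the output as a checklist of settings to confirm against the installed products rather than as a verdict.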

#4
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
Hi

looks like that took out Skynet, things should be running a bit better now :) Please do the following...

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
===============================================

TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

===============================================

Kaspersky WebScanner
please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
===============================================

needed in your next reply:

MBAM log
Kaspersky WebScanner report

And let me know how things are running now :)
  • 0

#5
msmaine
    New Member
  • Topic Starter
  • Member
  • 7 posts
Here are the logs. When Malwarebytes rebooted for the last time, StopZilla came up with CatchMe trojan, which it appears it removed.

MBAM log:

Malwarebytes' Anti-Malware 1.38
Database version: 2323
Windows 5.1.2600 Service Pack 3

6/22/2009 5:50:00 PM
mbam-log-2009-06-22 (17-50-00).txt

Scan type: Quick Scan
Objects scanned: 153474
Time elapsed: 2 hour(s), 56 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------------------------------------------------------------

Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 22, 2009 22:57:55
Records in database: 2378674
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 166923
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:41:06


File name / Threat name / Threats count
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

The selected area was scanned.
  • 0

#6
msmaine
    New Member
  • Topic Starter
  • Member
  • 7 posts
Sorry, forgot to tell you how the computer was running. I was able to do a few searches, and wasn't redirected. So it's looking good, but is that CatchMe something else now??

Thanks
  • 0

#7
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
Hello again,

catchme is a rootkit/stealth malware detector by Gmer that runs as part of the ComboFix scan. I'm not quite sure why StopZilla flagged it, but it's fine.

please do the following...

OTM by OldTimer

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz 
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#8
msmaine
    New Member
  • Topic Starter
  • Member
  • 7 posts
Here's that log, thanks again for all the help.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz moved successfully.
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Carina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Charlie
->Temp folder emptied: 71220165 bytes
->Temporary Internet Files folder emptied: 24502420 bytes
->Java cache emptied: 128013 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dominic
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Julianna

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 2072 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 21927 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.46 mb


OTM by OldTimer - Version 3.0.0.0 log created on 06232009_065100

Files moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#9
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
Hi msmaine,

Well done, your log appears clean :)

Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.

===============================================

Click Here to download OTC
Double-click OTC.exe to run it.
Click the Clean up button
Click Yes to the reboot.

Now delete any logs that you have left over on your desktop.

===============================================

For some useful tips on staying clean, along with links to some freeware to help, have a look at this page.

To find out more information about how you got infected in the first place, you can read this article.

===============================================

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!

Edited by BHowett, 23 June 2009 - 03:04 PM.

  • 0

#10
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#11
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
I have reopened the topic and replaced the OTC link, let me know if you have any other questions :)
  • 0

#12
msmaine
    New Member
  • Topic Starter
  • Member
  • 7 posts
Thanks, the new link worked. Everything seems to be running good. I'll be rescanning my computer tonight, but so far it looks good.

Thanks for the help

MS
  • 0

#13
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
Hi,

What are you rescanning with? Your logs look fine.
  • 0

#14
msmaine
    New Member
  • Topic Starter
  • Member
  • 7 posts
Mcafee, Malwarebytes, I'm just a little craz'd now, and my kids are itching to use the system, but it is running great and the scans are clean. I'll be going over the protection notes later today and implementing them. Thanks again
  • 0

#15
BHowett
    OT Moderator
  • Moderator
  • 4,649 posts
No problem, I'm glad I could help... I will mark this one as resolved.


safe surfing :)
  • 0