Ricardohf - Posted November 9, 2009

Hello, I see that this topic was observed in July 2007, but when I verify my HijackThis log against the ones posted they do not match. I have uploaded my HJT log here; hopefully you can shed some light as to what files I need to remove so I can get rid of this Red Dot. I have never downloaded any key logging programs, so Add/Remove Programs doesn't show anything out of the ordinary. Any help would be greatly appreciated!!

Some information about my PC:
OS - Windows XP SP3
I currently have: AV - McAfee Total Protection Package, Spyware Doctor & CCleaner

Attachment: hijackthis11_08_09.txt
Rorschach112 - Posted November 9, 2009

Don't attach the logs.

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
Ricardohf - Posted November 10, 2009

Rorschach112, thank you for your reply. Here is the log from ComboFix. Hope it helps.

Attachment: Combofix_11_09_09.txt
Rorschach112 - Posted November 10, 2009

Don't attach the logs.

Download TFC to your desktop.
Open the file and close any other windows. It will close all programs itself when run, so make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here.
Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to the Kaspersky website and perform an online antivirus scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Ricardohf - Posted November 10, 2009

Thanks, I will do that as soon as I get home today. Any thoughts why McAfee AV will not locate/detect and quarantine this virus?? It makes me mad that I have to download all these other programs to fix my PC when I paid about $90 for a program that should have already fixed it.
Rorschach112 - Posted November 10, 2009

Because McAfee is useless.
Rorschach112 - Posted November 16, 2009

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. Thank you!
Rorschach112 - Posted November 23, 2009

This topic has been reopened at the original poster's request.
Rorschach112 - Posted November 23, 2009

Post the logs.
Ricardohf - Posted November 24, 2009

Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:56 PM, on 11/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Ricardohf - Posted November 24, 2009

Here is the ComboFix log from today (11-23-09) also.

ComboFix 09-11-23.02 - Home 11/23/2009 18:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1349 [GMT -6:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
Contents of the 'Scheduled Tasks' folder 2009-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2009-11-08 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-08-25 17:22] 2009-11-09 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-08-25 17:22] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Add to Windows &Live Favorites - [url="http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx[/url] IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com . - - - - ORPHANS REMOVED - - - - AddRemove-PictureItPrem_v11 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe ADDREMOVE=1 SKU=PREM VERSION=11 AddRemove-RealArcade 1.2 - c:\program files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2 AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2009-11-23 18:22 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2009-11-23 18:24 ComboFix-quarantined-files.txt 2009-11-24 00:24 ComboFix2.txt 2009-11-23 00:01 ComboFix3.txt 2009-11-22 20:26 ComboFix4.txt 2009-11-10 01:22 Pre-Run: 184,628,084,736 bytes free Post-Run: 184,728,723,456 bytes free Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - AD1D77002A65077DA55F8C6786C61988 Share this post Link to post Share on other sites
Rorschach112 Posted November 24, 2009
Got the MBAM and Kaspersky ones?
Ricardohf Posted November 24, 2009
I set up Kaspersky but didn't run the scan. I uploaded the MBAM one from reading another site. Sorry if I might have screwed things up. What do you recommend I do now?
Ricardohf Posted November 24, 2009
Oops, never mind, I did upload MBAM from your notes. Right now I haven't run TFC.
Ricardohf Posted November 24, 2009
I just ran TFC and rebooted; the red dot is still there. One thing I did prior to re-running all this again was deleting LimeWire (P2P software). Did some research and found it to be very harmful. Gonna run MBAM now.
Ricardohf Posted November 24, 2009
Updated MBAM and ran it; here is the log.

Malwarebytes' Anti-Malware 1.41
Database version: 3221
Windows 5.1.2600 Service Pack 3

11/23/2009 11:19:32 PM
mbam-log-2009-11-23 (23-19-32).txt

Scan type: Quick Scan
Objects scanned: 122197
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Rorschach112 Posted November 24, 2009
Can you do the Kaspersky scan? Do this also:

Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
- Double-click on exeHelper.com to run the fix.
- A black window should pop up; press any key to close once the fix is completed.
- Post the contents of log.txt (it will be created in the directory where you ran exeHelper.com).

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).
Ricardohf Posted November 24, 2009
Ran Kaspersky this morning and it showed some infections. Here is the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 24, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 24, 2009 05:02:46
Records in database: 3282650
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 102164
Threats found: 4
Infected objects found: 28
Suspicious objects found: 0
Scan duration: 02:19:21

File name / Threat / Threats count
C:\WINDOWS\system32\cryptinet.dll/C:\WINDOWS\system32\cryptinet.dll Infected: not-a-virus:Monitor.Win32.PCPandora.c 24
C:\Documents and Settings\Home\My Documents\My Music\te desean.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Home\My Documents\My Music\yuri (high bitrate).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wizctl.dll.vir Infected: not-a-virus:Monitor.Win32.PCPandora.b 1
C:\WINDOWS\system32\cryptinet.dll Infected: not-a-virus:Monitor.Win32.PCPandora.c 1

Selected area has been scanned.
Rorschach112 Posted November 24, 2009
Do the exeHelper step above.

Please download OTM (http://oldtimer.geekstogo.com/OTM.exe).
- Save it to your desktop.
- Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
- Copy the lines in the box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    :Services
    :Reg
    :Files
    C:\Documents and Settings\Home\My Documents\My Music\te desean.mp3
    C:\Documents and Settings\Home\My Documents\My Music\yuri (high bitrate).mp3
    C:\WINDOWS\system32\cryptinet.dll
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

- Return to OTM, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
- Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
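The OTM script above is built by hand from the Kaspersky report: take each flagged object, skip anything ComboFix already holds under C:\Qoobox\Quarantine, collapse duplicate paths, and list the rest under :Files. The Python below is an added example of that triage, not code from the thread or from any tool named in it; its report text is a constructed copy of the detection section posted above, and the quarantine prefix is taken from that report.

```python
import re
from typing import Dict, List, Tuple

# Constructed copy of the statistics and "File name / Threat / Threats count"
# section of the Kaspersky Online Scanner report posted in this thread.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 102164
Threats found: 4
Infected objects found: 28
Suspicious objects found: 0

File name / Threat / Threats count
C:\WINDOWS\system32\cryptinet.dll/C:\WINDOWS\system32\cryptinet.dll Infected: not-a-virus:Monitor.Win32.PCPandora.c 24
C:\Documents and Settings\Home\My Documents\My Music\te desean.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Home\My Documents\My Music\yuri (high bitrate).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wizctl.dll.vir Infected: not-a-virus:Monitor.Win32.PCPandora.b 1
C:\WINDOWS\system32\cryptinet.dll Infected: not-a-virus:Monitor.Win32.PCPandora.c 1
Selected area has been scanned.
"""

# ComboFix parks what it already removed under C:\Qoobox\Quarantine (the report
# shows wizctl.dll.vir there); those objects are no longer live on the system.
QUARANTINE_PREFIX = "C:\\Qoobox\\Quarantine\\"

# One detection line is "<object> Infected: <threat> <count>". The object may
# contain spaces, so it is matched lazily up to the literal " Infected: ".
LINE_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")
STAT_RE = re.compile(r"^(Threats found|Infected objects found): (\d+)$")


def parse_report(text: str) -> List[Tuple[str, str, int]]:
    """Return (object, threat, count) for every detection line, in report order."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("obj"), m.group("threat"), int(m.group("count"))))
    return hits


def consistent(text: str) -> bool:
    """True if the detection lines add up to the scanner's own totals:
    distinct threat names == 'Threats found', summed counts == 'Infected objects found'."""
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.match(line.strip())
        if m:
            stats[m.group(1)] = int(m.group(2))
    hits = parse_report(text)
    threats = {threat for _, threat, _ in hits}
    objects = sum(count for _, _, count in hits)
    return (stats.get("Threats found") == len(threats)
            and stats.get("Infected objects found") == objects)


def container_path(obj: str) -> str:
    """Objects found inside a container are written 'container/inner'; Windows
    paths never contain '/', so the part before the first '/' is the file on disk."""
    return obj.split("/", 1)[0]


def threat_family(threat: str) -> str:
    """'not-a-virus:Monitor.Win32.PCPandora.c' -> 'Monitor',
    'Trojan-Downloader.WMA.GetCodec.r' -> 'Trojan-Downloader'."""
    return threat.split(":", 1)[-1].split(".", 1)[0]


def is_quarantined(path: str) -> bool:
    return path.lower().startswith(QUARANTINE_PREFIX.lower())


def live_paths_by_family(text: str) -> Dict[str, List[str]]:
    """Group on-disk paths by threat family, dropping duplicates and quarantined objects."""
    groups: Dict[str, List[str]] = {}
    for obj, threat, _ in parse_report(text):
        path = container_path(obj)
        if is_quarantined(path):
            continue
        bucket = groups.setdefault(threat_family(threat), [])
        if path not in bucket:
            bucket.append(path)
    return groups


def files_to_move(text: str) -> List[str]:
    """Flat, de-duplicated list of live paths in report order: the :Files section."""
    ordered: List[str] = []
    for obj, _, _ in parse_report(text):
        path = container_path(obj)
        if not is_quarantined(path) and path not in ordered:
            ordered.append(path)
    return ordered


def otm_script(paths: List[str]) -> str:
    """Render the OTM instruction block in the shape used in the thread: unused
    sections stay present but empty, the paths go under :Files."""
    lines = [":Processes", ":Services", ":Reg", ":Files", *paths,
             ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    print("report totals consistent:", consistent(SAMPLE_REPORT))
    for family, paths in live_paths_by_family(SAMPLE_REPORT).items():
        print(f"{family}: {paths}")
    print(otm_script(files_to_move(SAMPLE_REPORT)))
```

Running it reproduces the three paths in the helper's script (the dll first, because the report lists it first), and the consistency check is what tells you the parser did not silently drop a line.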
Ricardohf Posted November 24, 2009 (edited)
Run the exeHelper first?? ...never mind, I need to learn how to read better. I'll run them both tonight. Thanks.
Edited November 24, 2009 by Changoleon
Rorschach112 Posted November 24, 2009
OK.
Ricardohf Posted November 25, 2009
OK, here is the exeHelper log:

exeHelper by Raktor
Build 20091122
Run at 18:18:00 on 11/24/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Ricardohf Posted November 25, 2009
Ran OTM, here is the log:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Home\My Documents\My Music\te desean.mp3 moved successfully.
C:\Documents and Settings\Home\My Documents\My Music\yuri (high bitrate).mp3 moved successfully.
C:\WINDOWS\system32\cryptinet.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 90166690 bytes
->Temporary Internet Files folder emptied: 6043675 bytes
->Java cache emptied: 128020 bytes
->Apple Safari cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 19522 bytes

Total Files Cleaned = 91.99 mb

OTM by OldTimer - Version 3.1.2.0 log created on 11242009_182249

Files moved on Reboot...
C:\Documents and Settings\Home\Local Settings\Temp\jkos-Home\binaries\Arj.ppl moved successfully.
C:\Documents and Settings\Home\Local Settings\Temp\jkos-Home\binaries\avlib.ppl moved successfully.
C:\Documents and Settings\Home\Local Settings\Temp\jkos-Home\binaries\Avp1.ppl moved successfully.
C:\Documents and Settings\Home\Local Settings\Temp\jkos-Home\binaries\AvpMgr.ppl moved successfully.
Rorschach112 Posted November 25, 2009
Hi,

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop.
- Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  - When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.
Ricardohf 0 Report post Posted November 25, 2009 Ok here is OTL.txt OTL logfile created on: 11/25/2009 5:34:22 PM - Run 1 OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Home\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.60% Memory free 3.85 Gb Paging File | 2.86 Gb Available in Paging File | 74.49% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228.13 Gb Total Space | 171.94 Gb Free Space | 75.37% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-PC Current User Name: Home Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - [2009/11/25 17:33:28 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009/08/23 22:13:27 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe PRC - [2009/08/23 22:13:26 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009/07/07 16:45:22 | 00,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe PRC - [2009/05/21 10:13:58 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/05/07 22:30:22 | 00,192,128 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\MSM\McSmtFwk.exe PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2008/05/28 08:33:10 | 00,655,360 | ---- | M] (McAfee) -- C:\Program Files\McAfee\Anti-Theft\McPvTray.exe PRC - [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/07/28 09:33:02 | 00,910,696 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\MWL\MwlSvc.exe PRC - [2007/07/28 09:32:58 | 01,279,336 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlGui.exe PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe PRC - [2006/07/24 09:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2006/07/06 06:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2006/06/01 15:25:00 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe PRC - [2006/01/13 00:46:57 | 00,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe PRC - [2006/01/13 00:46:57 | 00,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe PRC - [2006/01/13 00:46:57 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm09.exe PRC - [2005/09/08 04:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005/08/05 12:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe PRC - [2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe PRC - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe PRC - [2004/07/27 15:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2003/10/29 01:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - 
[2009/11/25 17:33:28 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe MOD - [2009/02/13 14:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat MOD - [2009/02/11 10:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll MOD - [2008/11/13 14:19:40 | 00,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004/08/10 05:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll MOD - [2004/08/10 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009/08/23 22:13:26 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor) SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008/04/13 18:12:02 
| 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/07/28 09:33:02 | 00,910,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/07 14:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/06/01 15:25:00 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2006/01/13 00:46:57 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)

[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]

[color="#E56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [url="http://www.msn.com/"]http://www.msn.com/[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 46 C7 B2 FA 69 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/29 22:00:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/18 12:33:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/07 22:53:13 | 00,000,000 | ---D | M]
[2009/07/27 19:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2009/07/27 19:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
O4 - HKLM..\Run: [MWLExe] C:\Program Files\McAfee\MWL\MWLGuiSt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries 0000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries 0000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [url="http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab"]http://download.microsoft.com/download/C/0...heckControl.cab[/url] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [url="http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab"]http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab[/url] (Windows Live Safety Center Base Module)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [url="https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab"]https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[/url] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab"]http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[/url] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/10 19:54:09 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - Services: "TapiSrv"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "clr_optimization_v2.0.50727_32"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe - (Yahoo! Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Home^Start Menu^Programs^Startup^Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe - (Yahoo! Inc.)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]ATICCC[/b] - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: [b]DMXLauncher[/b] - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: [b]ISUSPM Startup[/b] - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: [b]McENUI[/b] - hkey= - key= - C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
MsConfig - StartUpReg: [b]NBKeyScan[/b] - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

[color="#E56717"]========== Files/Folders - Created Within 14 Days ==========[/color]

[2009/11/25 17:33:26 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/11/24 18:22:49 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/11/24 18:20:31 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTM.exe
[2009/11/23 18:07:25 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/22 14:16:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Malwarebytes
[2009/11/22 14:16:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/22 14:16:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/22 14:16:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/22 14:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/22 14:14:23 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\TFC.exe
[2009/11/11 20:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Blizzard Entertainment
[2007/08/14 11:40:53 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[color="#E56717"]========== Files - Modified Within 14 Days ==========[/color]

[2009/11/25 17:33:28 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/11/25 17:26:18 | 00,049,599 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/25 17:23:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/25 17:23:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/25 17:23:48 | 21,453,00480 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 23:20:16 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Home\NTUSER.DAT
[2009/11/24 23:19:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini
[2009/11/24 21:15:43 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/24 19:21:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 19:20:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/24 18:21:48 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{B84C918C-48D4-47D7-736E-B3470429B947}.dat
[2009/11/24 18:21:46 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{F14F928A-9863-0EDB-756D-B00E0557BA0E}.dat
[2009/11/24 18:21:40 | 08,693,760 | ---- | M] () -- C:\WINDOWS\System32\{97A9575E-C7EF-6833-A1A8-5668C8E25C68}.dat
[2009/11/24 18:21:40 | 02,177,024 | ---- | M] () -- C:\WINDOWS\System32\{3D9B3C4D-35EE-C20F-B2C3-64C2C6F96EC2}.dat
[2009/11/24 18:21:40 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{A04C04F4-0D57-5FD8-0BFB-B35F78C1B95F}.dat
[2009/11/24 18:20:38 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTM.exe
[2009/11/24 18:18:57 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{D7107B44-CACA-28EF-BB84-EF28D05FE528}.dat
[2009/11/24 18:17:19 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\exeHelper.com
[2009/11/24 17:04:19 | 10,819,1744 | ---- | M] () -- C:\WINDOWS\System32\{3DB1BB77-1D3E-C260-8844-4EC2E16B44C2}.dat
[2009/11/24 17:04:19 | 08,742,912 | ---- | M] () -- C:\WINDOWS\System32\{9CED436E-7735-6370-91BC-1263F8F81863}.dat
[2009/11/24 17:04:19 | 05,689,344 | ---- | M] () -- C:\WINDOWS\System32\{6CED8F45-9B24-933F-BA70-1293CE5E1893}.dat
[2009/11/24 17:04:19 | 03,162,112 | ---- | M] () -- C:\WINDOWS\System32\{8F922D8D-946F-704F-72D2-6D7005C06770}.dat
[2009/11/24 17:04:19 | 02,521,088 | ---- | M] () -- C:\WINDOWS\System32\{2A93BEDC-D55A-D57A-2341-6CD5536266D5}.dat
[2009/11/24 17:04:19 | 02,471,936 | ---- | M] () -- C:\WINDOWS\System32\{EFE39714-BC66-103A-EB68-1C1098751610}.dat
[2009/11/24 17:04:19 | 02,177,024 | ---- | M] () -- C:\WINDOWS\System32\{CA96E309-A04F-357D-F61C-69359B076335}.dat
[2009/11/24 17:04:19 | 01,700,864 | ---- | M] () -- C:\WINDOWS\System32\{9B2BD6A9-2AB9-64DD-5629-D46421DCDE64}.dat
[2009/11/24 17:04:19 | 01,273,856 | ---- | M] () -- C:\WINDOWS\System32\{E29D449D-4967-1D7F-62BB-621D15B3681D}.dat
[2009/11/24 17:04:19 | 01,273,856 | ---- | M] () -- C:\WINDOWS\System32\{B51113FC-C804-4AEE-03EC-EE4A7436E44A}.dat
[2009/11/24 17:04:19 | 01,175,552 | ---- | M] () -- C:\WINDOWS\System32\{9DD01D0A-C7F5-622F-F5E2-2F6285382562}.dat
[2009/11/24 17:04:19 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{B419FDF5-2084-4BE6-0A02-E64B7A0EEC4B}.dat
[2009/11/24 17:04:19 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{31C5B9A6-C92F-CE3A-5946-3ACE3F9D30CE}.dat
[2009/11/24 17:04:19 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{24FE6AD5-856B-DB08-2A95-01DB5F950BDB}.dat
[2009/11/24 17:04:19 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{14E94E3A-B1D3-EB16-C5B1-16EBB26B1CEB}.dat
[2009/11/24 17:04:19 | 01,093,632 | ---- | M] () -- C:\WINDOWS\System32\{0F22CBE6-88A0-F0C9-1934-DDF07C2FD7F0}.dat
[2009/11/23 22:57:42 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\TFC.exe
[2009/11/23 18:22:16 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/22 14:16:39 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/22 14:07:15 | 00,077,808 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Gastos.xlsx
[2009/11/21 22:47:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/17 22:22:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/16 19:42:02 | 00,009,209 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Air Fin Data 11-16-09.xlsx
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/11 18:40:15 | 00,599,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/11 18:40:15 | 00,495,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/11 18:40:15 | 00,092,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/11 18:35:33 | 00,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[color="#E56717"]========== Files Created - No Company Name ==========[/color]

[2009/11/24 18:17:18 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\exeHelper.com
[2009/11/24 07:33:09 | 02,177,024 | ---- | C] () -- C:\WINDOWS\System32\{3D9B3C4D-35EE-C20F-B2C3-64C2C6F96EC2}.dat
[2009/11/24 07:33:09 | 01,093,632 | ---- | C] () -- C:\WINDOWS\System32\{A04C04F4-0D57-5FD8-0BFB-B35F78C1B95F}.dat
[2009/11/24 07:32:22 | 01,093,632 | ---- | C] () -- C:\WINDOWS\System32\{F14F928A-9863-0EDB-756D-B00E0557BA0E}.dat
[2009/11/22 14:16:39 | 
00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/21 17:29:12 | 01,093,632 | ---- | C] () -- C:\WINDOWS\System32\{B419FDF5-2084-4BE6-0A02-E64B7A0EEC4B}.dat [2009/11/16 19:42:01 | 00,009,209 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Air Fin Data 11-16-09.xlsx [2009/05/15 19:51:32 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini [2008/11/30 23:57:55 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008/11/29 21:32:45 | 00,000,196 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\G-Force Prefs (WindowsMediaPlayer).txt [2008/11/27 13:59:23 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/10/04 13:26:00 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2008/09/10 13:20:55 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\default.pls [2008/07/06 21:37:47 | 00,000,484 | ---- | C] () -- C:\WINDOWS\MTB13.INI [2007/09/16 22:13:38 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\dvd.bmk [2007/08/23 00:40:03 | 00,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI [2007/08/09 22:31:08 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/08/08 23:28:45 | 00,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/08/08 23:28:45 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3496F2EAAE.sys [2007/08/08 23:12:59 | 04,252,938 | -H-- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\IconCache.db [2007/08/08 23:12:59 | 00,037,280 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2007/08/08 23:12:59 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\fusioncache.dat [2007/08/08 23:12:59 | 00,000,062 | -HS- | C] () -- C:\Documents and 
Settings\Home\Application Data\desktop.ini [2007/07/28 15:11:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/07/28 15:04:29 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007/07/28 14:37:04 | 00,001,123 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2005/11/10 00:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/16 03:43:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2005/08/16 03:38:33 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2005/08/16 03:38:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2005/08/16 03:37:25 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2005/08/16 03:37:25 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 03:33:39 | 00,599,794 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2005/08/16 03:33:38 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 03:18:43 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini [2005/08/16 03:18:41 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini [2004/08/10 05:00:00 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll [2004/08/10 05:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2004/08/10 05:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2004/08/10 05:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll 
[2004/08/10 05:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll [2004/08/10 05:00:00 | 00,456,192 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2004/08/10 05:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll [2004/08/10 05:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2004/08/10 05:00:00 | 00,291,840 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2004/08/10 05:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll [2004/08/10 05:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2004/08/10 05:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2004/08/10 05:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll [2004/08/10 05:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2004/08/10 05:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2004/08/10 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll [2004/08/10 05:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2004/08/10 05:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2004/08/10 05:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2004/08/10 05:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2004/08/10 05:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2004/08/10 05:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll [2004/08/10 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2004/08/10 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2004/08/10 05:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2004/08/10 05:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2004/08/10 05:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2004/08/10 05:00:00 | 00,029,146 | ---- | C] () -- 
C:\WINDOWS\System32\ntdos804.sys [2004/08/10 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2004/08/10 05:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2004/08/10 05:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2004/08/10 05:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2004/08/10 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2004/08/10 05:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2004/08/10 05:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2004/08/10 05:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2004/08/10 05:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2004/08/10 05:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2004/08/10 05:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2004/08/10 05:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2004/08/10 05:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll [2004/08/10 05:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2004/08/10 05:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2004/08/10 05:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2004/08/10 05:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2004/08/10 05:00:00 | 00,002,497 | ---- | C] () -- C:\WINDOWS\System32\setxml.dll [2004/08/10 05:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2004/08/10 05:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2004/08/10 05:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2004/08/09 22:11:42 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2001/08/17 16:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [color="#E56717"]========== LOP Check ==========[/color] 
[2009/10/20 12:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2008/11/27 13:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL [2007/12/07 15:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2007/12/07 15:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2008/10/14 21:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard [2009/08/19 20:25:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment [2009/11/09 18:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2007/07/28 15:02:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel [2008/10/15 12:28:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2009/07/11 21:39:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2007/08/30 23:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek [2007/07/28 15:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2009/11/22 14:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/07/18 13:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2008/10/04 13:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft [2009/11/10 13:26:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2009/11/10 23:38:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2009/01/08 19:34:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\Nero [2008/08/26 09:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/03/24 19:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2007/09/08 23:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2008/10/02 19:06:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2007/07/28 15:05:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic [2008/09/03 16:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/11/25 17:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/09/18 16:20:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2007/07/28 15:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/08/30 01:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2007/08/09 22:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2008/06/26 17:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller [2007/07/28 15:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO [2009/10/04 14:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/08/29 22:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/04/10 14:50:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Adobe [2008/05/22 21:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\AdobeUM [2008/11/27 16:58:40 | 
00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Amazon [2009/10/04 23:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Apple Computer [2007/07/28 15:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\ATI [2008/08/25 22:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2007/09/09 00:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Corel [2007/09/11 22:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Google [2007/07/28 15:08:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Home\Application Data\Gtek [2007/08/09 23:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Help [2005/08/16 03:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Identities [2007/07/28 15:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\InstallShield [2007/08/08 23:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Leadertech [2009/11/07 19:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\LimeWire [2007/08/09 22:32:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Macromedia [2009/11/22 14:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Malwarebytes [2009/11/22 17:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\McAfee [2009/11/10 18:28:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Home\Application Data\Microsoft [2009/11/13 13:48:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Move Networks [2009/07/27 19:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla [2009/01/07 22:25:20 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\Home\Application Data\PC Tools [2007/08/08 23:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Sonic [2007/08/25 03:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Sun [2008/12/14 18:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Ventrilo [2008/07/13 17:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Winamp [2009/01/27 20:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Windows Live Writer [2009/11/21 22:47:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/08 15:45:53 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/11/09 04:04:29 | 00,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/11/25 17:23:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color="#E56717"]========== Purity Check ==========[/color] [color="#E56717"]========== Custom Scans ==========[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\*.exe >[/color] [1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ] [1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ] [1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ] [1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ] [1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ] [1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ] [color="#A23BEC"]< MD5 for: AGP440.SYS >[/color] [2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft 
Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color="#A23BEC"]< MD5 for: ATAPI.SYS >[/color] [2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004/08/10 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color="#A23BEC"]< MD5 for: EVENTLOG.DLL >[/color] [2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll [2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color="#A23BEC"]< MD5 for: IASTOR.SYS >[/color] [2006/10/10 12:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\R130118\iastor.sys [2006/07/06 
05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\i386\iaStor.sys [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys [2006/10/10 12:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys [2006/05/11 10:30:52 | 00,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys [2006/07/06 06:01:32 | 00,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [color="#A23BEC"]< MD5 for: NETLOGON.DLL >[/color] [2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll [2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color="#A23BEC"]< MD5 for: NVATABUS.SYS >[/color] [2006/03/16 18:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys [color="#A23BEC"]< MD5 for: SCECLI.DLL >[/color] [2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll [2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) 
MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll [color="#A23BEC"]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-25 01:19:01 [color="#E56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D1F691A @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE816BE < End of report > Share this post Link to post Share on other sites