BleepingComputer.com: Infected with unknown malware/trojan

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

Infected with unknown malware/trojan Infection creates processes with spaces in the name

#1 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 16 January 2010 - 11:33 AM

Hi everyone, I'm new here. I've got a Dell computer with XP Home SP2 that I'm trying to clean up for a friend. I'm usually pretty good at this, but this one has me baffled.

The symptoms: processes will be created (that show up in the task manager) that have "spaces" in the process name. For example: wmpscfgs.exe, wmpscfgs .exe, wmpscfgs .exe, and so forth. Other process names will show this also.

Here's what I've tried so far: I've run Spybot, AdAware, McAfee, Sophos, Malwarebytes, IObit Security 360, SuperAntiSpyware, and SDFix. They have cleaned some of the infection, but when I reboot it shows up again. I have even pulled the drive and hooked it up as a slave and scanned it from a clean system, but it still has some infection.

I've downloaded and run the DDS.SCR file and also theRootRepeal file. I've also attached the "attach.txt" and "ark.txt" files to this post.

The DDS log contents are below:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Cecilia at 9:35:36.65 on Sat 01/16/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.150 [GMT -6:00]

AV: AntiMalware *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\internet explorer\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\person~1\mpftray .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Cecilia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261854862937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-1 64288]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-2-6 83325]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-2-6 23296]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-3-13 126976]
S4 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-2-6 225375]
S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-3-13 122368]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-2-6 245760]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-2-6 122880]

=============== Created Last 30 ================

2010-01-16 14:36:46 0 d-----w- c:\windows\ERUNT
2010-01-16 04:53:28 0 d-----w- c:\docume~1\cecilia\applic~1\SUPERAntiSpyware.com
2010-01-16 01:03:56 0 d-----w- c:\docume~1\cecilia\applic~1\Malwarebytes
2010-01-02 02:04:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 02:04:05 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 02:02:42 0 d-----w- c:\program files\Lavasoft
2010-01-01 21:03:31 670072 ----a-w- c:\temp\autoruns.exe
2010-01-01 21:03:31 559992 ----a-w- c:\temp\autorunsc.exe
2009-12-31 03:54:56 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-12-31 03:53:46 8043648 ----a-w- c:\temp\is360setup130.exe
2009-12-29 20:01:20 118 ----a-w- c:\windows\system32\MRT.INI
2009-12-29 17:06:23 15452536 ----a-w- c:\temp\IE7-WindowsXP-x86-enu.exe
2009-12-29 14:14:25 0 d-----w- c:\temp\Dec_29_2009_Registry_Backup_Pre-Safe_Mode_Merge
2009-12-29 04:39:12 3981451 ----a-w- c:\temp\449_ides.exe
2009-12-29 04:28:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2009-12-29 04:23:07 155102613 ----a-w- c:\temp\HOME_INSTALLER.EXE
2009-12-28 20:58:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-28 20:54:49 7451168 ----a-w- c:\temp\SUPERAntiSpyware.exe
2009-12-28 17:40:09 0 d-----w- c:\windows\ServicePackFiles
2009-12-28 15:14:21 0 d-----w- c:\temp\Dec_28_2009_Registry_Backup
2009-12-28 06:06:18 3980936 ----a-w- c:\temp\mbam-rules.exe
2009-12-28 04:55:43 0 d-----w- c:\program files\Trend Micro
2009-12-28 04:33:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 04:33:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-28 04:33:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 04:33:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 04:32:57 812344 ----a-w- c:\temp\HJTInstall.exe
2009-12-28 04:32:57 4844264 ----a-w- c:\temp\mbam-setup.exe
2009-12-26 20:29:46 984 ----a-w- c:\windows\system32\dllcache\srframe.mmf
2009-12-26 20:29:22 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-26 20:09:21 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-26 20:06:39 47104 ----a-w- c:\windows\system32\dllcache\srdiag.exe
2009-12-26 20:06:17 380416 ----a-w- c:\windows\system32\dllcache\rstrui.exe
2009-12-26 20:03:30 19328 ----a-w- c:\windows\system32\dllcache\OLDFA8.tmp
2009-12-26 20:03:29 12063 ----a-w- c:\windows\system32\dllcache\OLDFA4.tmp
2009-12-26 20:03:24 8192 ----a-w- c:\windows\system32\dllcache\OLDFA0.tmp
2009-12-26 20:03:12 278559 ----a-w- c:\windows\system32\dllcache\OLDF9C.tmp
2009-12-26 20:03:10 303616 ----a-w- c:\windows\system32\dllcache\OLDF99.tmp
2009-12-26 20:01:52 25471 ----a-w- c:\windows\system32\dllcache\OLDF5A.tmp
2009-12-26 20:00:59 53760 ----a-w- c:\windows\system32\dllcache\OLDEF9.tmp
2009-12-26 19:59:58 28160 ----a-w- c:\windows\system32\dllcache\OLDEAF.tmp
2009-12-26 19:55:58 7168 ----a-w- c:\windows\system32\dllcache\OLDD91.tmp
2009-12-26 19:54:59 63547 ----a-w- c:\windows\system32\dllcache\OLDCDF.tmp
2009-12-26 19:53:59 98080 ----a-w- c:\windows\system32\dllcache\OLDC9D.tmp
2009-12-26 19:52:57 77824 ----a-w- c:\windows\system32\dllcache\OLDC52.tmp
2009-12-26 19:51:59 380416 ----a-w- c:\windows\system32\dllcache\OLDBFA.tmp
2009-12-26 19:48:14 62976 ----a-w- c:\windows\system32\dllcache\OLDAAB.tmp
2009-12-26 19:48:13 180360 ----a-w- c:\windows\system32\dllcache\OLDAA8.tmp
2009-12-26 19:48:10 2015744 ----a-w- c:\windows\system32\dllcache\OLDAA4.tmp
2009-12-26 19:48:03 51552 ----a-w- c:\windows\system32\dllcache\OLDAA1.tmp
2009-12-26 19:48:00 38912 ----a-w- c:\windows\system32\dllcache\OLDA9D.tmp
2009-12-26 19:46:58 59104 ----a-w- c:\windows\system32\dllcache\OLDA53.tmp
2009-12-26 19:45:57 12416 ----a-w- c:\windows\system32\dllcache\OLDA05.tmp
2009-12-26 19:45:44 2944 ----a-w- c:\windows\system32\dllcache\OLDA01.tmp
2009-12-26 19:45:40 40960 ----a-w- c:\windows\system32\dllcache\OLD9FD.tmp
2009-12-26 19:45:40 22016 ----a-w- c:\windows\system32\dllcache\OLD9FA.tmp
2009-12-26 19:45:39 1875968 ----a-w- c:\windows\system32\dllcache\OLD9F6.tmp
2009-12-26 19:45:38 98304 ----a-w- c:\windows\system32\dllcache\OLD9F3.tmp
2009-12-26 19:45:23 15360 ----a-w- c:\windows\system32\dllcache\OLD9F0.tmp
2009-12-26 19:45:17 35200 ----a-w- c:\windows\system32\dllcache\OLD9ED.tmp
2009-12-26 19:45:13 6016 ----a-w- c:\windows\system32\dllcache\OLD9E9.tmp
2009-12-26 19:45:10 56832 ----a-w- c:\windows\system32\dllcache\OLD9E5.tmp
2009-12-26 19:45:09 51328 ----a-w- c:\windows\system32\dllcache\OLD9E1.tmp
2009-12-26 19:45:06 82432 ----a-w- c:\windows\system32\dllcache\OLD9DD.tmp
2009-12-26 19:40:58 109085 ----a-w- c:\windows\system32\dllcache\OLD7F1.tmp
2009-12-26 19:40:56 100936 ----a-w- c:\windows\system32\dllcache\OLD7ED.tmp
2009-12-26 19:40:53 9216 ----a-w- c:\windows\system32\dllcache\OLD7E9.tmp
2009-12-26 19:40:50 28700 ----a-w- c:\windows\system32\dllcache\OLD7E5.tmp
2009-12-26 19:40:46 161020 ----a-w- c:\windows\system32\dllcache\OLD7E1.tmp
2009-12-26 19:40:43 702845 ----a-w- c:\windows\system32\dllcache\OLD7DD.tmp
2009-12-26 19:40:41 58592 ----a-w- c:\windows\system32\dllcache\OLD7D9.tmp
2009-12-26 19:40:38 353184 ----a-w- c:\windows\system32\dllcache\OLD7D5.tmp
2009-12-26 19:40:21 10129408 ----a-w- c:\windows\system32\dllcache\OLD7D1.tmp
2009-12-26 19:40:09 13463552 ----a-w- c:\windows\system32\dllcache\OLD7CE.tmp
2009-12-26 19:35:51 28062 ----a-w- c:\windows\system32\dllcache\OLD5BC.tmp
2009-12-26 19:35:50 23808 ----a-w- c:\windows\system32\dllcache\OLD5B8.tmp
2009-12-26 19:35:48 8704 ----a-w- c:\windows\system32\dllcache\OLD5B4.tmp
2009-12-26 19:35:47 12928 ----a-w- c:\windows\system32\dllcache\OLD5B0.tmp
2009-12-26 19:35:46 207360 ----a-w- c:\windows\system32\dllcache\OLD5AC.tmp
2009-12-26 19:33:59 57399 ----a-w- c:\windows\system32\dllcache\OLD4A1.tmp
2009-12-26 19:32:05 11359 ----a-w- c:\windows\system32\dllcache\OLD267.tmp
2009-12-26 19:32:04 21183 ----a-w- c:\windows\system32\dllcache\OLD263.tmp
2009-12-26 19:31:15 16969 ----a-w- c:\windows\system32\dllcache\OLD17B.tmp
2009-12-26 19:31:14 27678 ----a-w- c:\windows\system32\dllcache\OLD173.tmp
2009-12-26 19:31:14 26624 ----a-w- c:\windows\system32\dllcache\OLD177.tmp
2009-12-26 19:31:12 19456 ----a-w- c:\windows\system32\dllcache\OLD16F.tmp
2009-12-26 19:15:35 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-12-26 16:26:09 91338304 ----a-w- c:\temp\Ad-AwareInstallation.exe
2009-12-26 16:14:22 16409960 ----a-w- c:\temp\spybotsd162.exe
2009-12-26 04:01:11 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-26 04:01:11 1409 ----a-w- c:\windows\QTFont.for
2009-12-26 02:46:09 0 d-----w- c:\temp\Dec_25_2009_Registry_Backup
2009-12-26 02:38:26 0 d-----w- C:\SDFix
2009-12-26 02:38:24 1529241 ----a-w- c:\temp\SDFix.exe

==================== Find3M ====================

2009-12-11 13:26:17 64178 ----a-w- c:\windows\system32\OLD8.tmp
2009-11-21 16:36:13 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-10-29 05:48:04 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-10-29 05:48:02 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2009-10-29 05:48:02 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\dllcache\http.sys

============= FINISH: 9:35:59.68 ===============

Thanks for any help you can provide on this!

Attached File(s)

  • Attached File  Attach.txt (17.94K)
    Number of downloads: 2
  • Attached File  ark.txt (2.33K)
    Number of downloads: 6

#2 User is online   etavares 

  • Bleepin' Remover
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 10,404
  • Joined: 16-August 08
  • Gender:Male

Posted 22 January 2010 - 05:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Posted Image
Unified Network of Instructors and Trusted Eliminators

#3 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 23 January 2010 - 09:46 AM

Hi Etavares,
thanks for replying; I had just about given up on help from here (I know you guys are pretty busy smile.gif )

The system will have processes appear in the task manager. For example, wmpscfgs.exe. Then wmpscfgs .exe will appear (note the embedded space in the process name). These EXE's can be found in the Internet Explorer folder. Multiples of these EXE's will appear in the task manager. I can kill the processes from task manager and delete the EXE's from the folder, but shortly they will reappear again. Sometimes there will be 7 or 8 of these.

Here's info on the system:
It was brought to me by a friend and was massively infected. I ran my usual arsenal of software and cleaned most of the infection. I used Spybot, AdAware, McAfee, Sophos, Malwarebytes, IOBit Security 360, SuperAntiSpyware.

When there was still infection, I pulled the drive and put it in a clean system and scanned it with Sophos. It found a few other things and removed them. I put the drive back into it's system and there is still some kind of infection.

I created an account here and followed the instructions for posting a thread. I downloaded the DDS file and also the RootRepeal file. I ran both. Below is the DDS contents. Attached are the ATTACH and ARK text files.

Since my original post, because there was a long delay, I looked at the DDS file. I noticed there were a lot of TMP files in the DLLCACHE folder. I deleted these TMP files, thinking that some of the infection might be in these. It has not helped.

Thanks for your help on this.

Mike


DDS (Ver_09-12-01.01) - NTFSx86
Run by Cecilia at 7:57:02.75 on Sat 01/23/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.147 [GMT -6:00]

AV: AntiMalware *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\person~1\mpftray .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\Program Files\Internet Explorer\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs .exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Cecilia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261854862937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-1 64288]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-2-6 83325]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-2-6 23296]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-3-13 126976]
S4 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-2-6 225375]
S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-3-13 122368]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-2-6 245760]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-2-6 122880]

=============== Created Last 30 ================

2010-01-16 14:36:46 0 d-----w- c:\windows\ERUNT
2010-01-16 04:53:28 0 d-----w- c:\docume~1\cecilia\applic~1\SUPERAntiSpyware.com
2010-01-16 01:03:56 0 d-----w- c:\docume~1\cecilia\applic~1\Malwarebytes
2010-01-02 02:04:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 02:04:05 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 02:02:42 0 d-----w- c:\program files\Lavasoft
2010-01-01 21:03:31 670072 ----a-w- c:\temp\autoruns.exe
2010-01-01 21:03:31 559992 ----a-w- c:\temp\autorunsc.exe
2009-12-31 03:54:56 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-12-31 03:53:46 8043648 ----a-w- c:\temp\is360setup130.exe
2009-12-29 20:01:20 118 ----a-w- c:\windows\system32\MRT.INI
2009-12-29 17:06:23 15452536 ----a-w- c:\temp\IE7-WindowsXP-x86-enu.exe
2009-12-29 14:14:25 0 d-----w- c:\temp\Dec_29_2009_Registry_Backup_Pre-Safe_Mode_Merge
2009-12-29 04:39:12 3981451 ----a-w- c:\temp\449_ides.exe
2009-12-29 04:28:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2009-12-29 04:23:07 155102613 ----a-w- c:\temp\HOME_INSTALLER.EXE
2009-12-28 20:58:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-28 20:54:49 7451168 ----a-w- c:\temp\SUPERAntiSpyware.exe
2009-12-28 17:40:09 0 d-----w- c:\windows\ServicePackFiles
2009-12-28 15:14:21 0 d-----w- c:\temp\Dec_28_2009_Registry_Backup
2009-12-28 06:06:18 3980936 ----a-w- c:\temp\mbam-rules.exe
2009-12-28 04:55:43 0 d-----w- c:\program files\Trend Micro
2009-12-28 04:33:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 04:33:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-28 04:33:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 04:33:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 04:32:57 812344 ----a-w- c:\temp\HJTInstall.exe
2009-12-28 04:32:57 4844264 ----a-w- c:\temp\mbam-setup.exe
2009-12-26 20:29:46 984 ----a-w- c:\windows\system32\dllcache\srframe.mmf
2009-12-26 20:29:22 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-26 20:09:21 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-26 20:06:39 47104 ----a-w- c:\windows\system32\dllcache\srdiag.exe
2009-12-26 20:06:17 380416 ----a-w- c:\windows\system32\dllcache\rstrui.exe
2009-12-26 19:15:35 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-12-26 16:26:09 91338304 ----a-w- c:\temp\Ad-AwareInstallation.exe
2009-12-26 16:14:22 16409960 ----a-w- c:\temp\spybotsd162.exe
2009-12-26 04:01:11 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-26 04:01:11 1409 ----a-w- c:\windows\QTFont.for
2009-12-26 02:46:09 0 d-----w- c:\temp\Dec_25_2009_Registry_Backup
2009-12-26 02:38:26 0 d-----w- C:\SDFix
2009-12-26 02:38:24 1529241 ----a-w- c:\temp\SDFix.exe

==================== Find3M ====================

2009-12-11 13:26:17 64178 ----a-w- c:\windows\system32\OLD8.tmp
2009-11-21 16:36:13 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-10-29 05:48:04 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-10-29 05:48:02 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2009-10-29 05:48:02 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 7:58:03.10 ===============

Attached File(s)

  • Attached File  Attach.zip (3.93K)
    Number of downloads: 1
  • Attached File  ark.txt (2.33K)
    Number of downloads: 5

#4 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 24 January 2010 - 03:17 AM

Hello crumpms,

My name is Syler and I will be helping you to solve your Malware issues.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window, If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Then please post back here with the following logs:
  • MBAM log
  • Gmer log
  • log.txt
  • info.txt

Thanks
Posted Image
If I have helped you, and you would like to make a donation to me, click here

#5 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 24 January 2010 - 03:35 PM

Syler,
thanks for the reply.
Here are the log files you requested.

Thanks,

Mike

************************************************************************************************************************
************************************************************************************************************************
Malwarebytes' Anti-Malware 1.44
Database version: 3606
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

1/24/2010 2:21:29 PM
mbam-log-2010-01-24 (14-21-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 204643
Time elapsed: 54 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
c:\program files\internet explorer\wmpscfgs.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\SDFix\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\SDFix\apps\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0004850.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0004851.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0004852.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Adobe\acrotray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> Quarantined and deleted successfully.

********************************************************************************************************************
********************************************************************************************************************

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-24 12:25:41
Windows 5.1.2600 Service Pack 2
Running: bhsegjts.exe; Driver: C:\DOCUME~1\Cecilia\LOCALS~1\Temp\uxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF890887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8908BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs EF06A400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu@imagepath \systemroot\system32\drivers\gasfkyxthwbdfi.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main\injector@* gasfkywsp8y.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyxthwbdfi.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\modules@gasfkycmd.dll \systemroot\system32\gasfkypylnkrbk.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\modules@gasfkylog.dat \systemroot\system32\gasfkyexvkbfon.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\modules@gasfkywsp.dll \systemroot\system32\gasfkyyxhwsstn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\modules@gasfky.dat \systemroot\system32\gasfkyvpyaywwk.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyvnmwviwu\modules@gasfkywsp8y.dll \systemroot\system32\gasfkymoymfpfw.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTujewpiktpd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTujewpiktpd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTwkmxorutob.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu@imagepath \systemroot\system32\drivers\gasfkyxthwbdfi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main\injector@* gasfkywsp8y.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyxthwbdfi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\modules@gasfkycmd.dll \systemroot\system32\gasfkypylnkrbk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\modules@gasfkylog.dat \systemroot\system32\gasfkyexvkbfon.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\modules@gasfkywsp.dll \systemroot\system32\gasfkyyxhwsstn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\modules@gasfky.dat \systemroot\system32\gasfkyvpyaywwk.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyvnmwviwu\modules@gasfkywsp8y.dll \systemroot\system32\gasfkymoymfpfw.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTujewpiktpd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTujewpiktpd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTwkmxorutob.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\scardssp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ Scardssp.SCard.1
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {82C38704-19F1-11D3-A11F-00C04F79F800}
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VersionIndependentProgID@ Scardssp.SCard
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InProcServer32@ %SystemRoot%\system32\browseui.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InProcServer32@ThreadingModel Apartment

---- EOF - GMER 1.0.15 ----

***********************************************************************************************************************
***********************************************************************************************************************

info.txt logfile of random's system information tool 1.06 2010-01-24 12:28:06

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EarthLink Software-->"C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Greetings Workshop-->C:\Program Files\Greetings Workshop\SETUP\setup.exe
H&R Block Tax Offer-->MsiExec.exe /X{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus-->C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Way Search Assistant-->rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Ocean Express Free Trial-->"C:\Program Files\OceanExpress_at\unins000.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Perpetual Paper for Smocking-->C:\PROGRA~1\ppaper\UNWISE.EXE C:\PROGRA~1\ppaper\INSTALL.LOG
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
ResumeMaker-->C:\PROGRA~1\RESUME~1\UNWISE.EXE C:\PROGRA~1\RESUME~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiMalware (outdated)
FW: McAfee Personal Firewall Plus (disabled)

======System event log======

Computer Name: MASSEY
Event Code: 10010
Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Record Number: 44
Source Name: DCOM
Time Written: 20091228223644.000000-360
Event Type: error
User: MASSEY\Keith

Computer Name: MASSEY
Event Code: 10010
Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Record Number: 43
Source Name: DCOM
Time Written: 20091228223443.000000-360
Event Type: error
User: MASSEY\Keith

Computer Name: MASSEY
Event Code: 10010
Message: The server {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} did not register with DCOM within the required timeout.

Record Number: 37
Source Name: DCOM
Time Written: 20091228223147.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MASSEY
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 24
Source Name: DCOM
Time Written: 20091228221520.000000-360
Event Type: error
User: MASSEY\Keith

Computer Name: MASSEY
Event Code: 7023
Message: The Network Security service terminated with the following error:
The system cannot find the file specified.


Record Number: 4
Source Name: Service Control Manager
Time Written: 20091228221405.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: MASSEY
Event Code: 1
Message:
Record Number: 10
Source Name: Sophos Anti-Virus
Time Written: 20091228224144.000000-360
Event Type: error
User:

Computer Name: MASSEY
Event Code: 0
Message: Sophos AutoUpdate Service stopped OK. (Loop count = 0)

Record Number: 8
Source Name: WSH
Time Written: 20091228223225.000000-360
Event Type:
User:

Computer Name: MASSEY
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 80080005.
Record Number: 7
Source Name: EventSystem
Time Written: 20091228223147.000000-360
Event Type: warning
User:

Computer Name: MASSEY
Event Code: 0
Message: Sophos AutoUpdate Service stopped OK. (Loop count = 0)

Record Number: 4
Source Name: WSH
Time Written: 20091228222548.000000-360
Event Type:
User:

Computer Name: MASSEY
Event Code: 1517
Message: Windows saved user MASSEY\Keith registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1
Source Name: Userenv
Time Written: 20091228221322.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

*********************************************************************************************************************
*********************************************************************************************************************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cecilia at 2010-01-24 12:27:44
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 58 GB (78%) free of 73 GB
Total RAM: 510 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:57 PM, on 1/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\Program Files\Internet Explorer\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs .exe
C:\Temp\bhsegjts.exe
C:\Documents and Settings\Cecilia\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Cecilia.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1261854862937
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5538 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MASSEY-Darlene).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2003-08-18 114743]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2010-01-24 410754]
"VirusScan Online"=c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe [2010-01-24 418974]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2010-01-24 408950]
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\McUpdate.exe [2010-01-24 420914]
"MCAgentExe"=C:\PROGRA~1\McAfee.com\Agent\McAgent.exe [2010-01-24 411514]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader]
c:\program files\internet explorer\wmpscfgs.exe [2010-01-24 403162]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-06-18 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2009-12-26 306802]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [2009-12-25 321334]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2004-09-14 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2004-09-14 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
c:\Dell\PreODM.EXE [2004-10-31 408576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-02-06 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-01 425946]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2004-07-01 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-04 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Keith^Start Menu^Programs^Startup^scandisk.lnk]
C:\DOCUME~1\Keith\STARTM~1\Programs\Startup\scandisk.dll,_IWMPEvents@0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2
"MCVSRte"=2
"mcupdmgr.exe"=3
"McTskshd.exe"=2
"McShield"=3
"McDetect.exe"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-06-17 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\WINLOGON.EXE"="C:\WINDOWS\SYSTEM32\WINLOGON.EXE:*:Enabled:winlogon"
"C:\WINDOWS\SYSTEM32\LOGONUI.EXE"="C:\WINDOWS\SYSTEM32\LOGONUI.EXE:*:Enabled:logonui"
"C:\WINDOWS\SYSTEM32\LSASS.EXE"="C:\WINDOWS\SYSTEM32\LSASS.EXE:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 2 months======

2010-01-24 12:27:44 ----D---- C:\rsit
2010-01-19 22:48:48 ----A---- C:\RootRepeal report 01-19-10 (22-48-48).txt
2010-01-16 09:50:40 ----A---- C:\RootRepeal report 01-16-10 (09-50-40).txt
2010-01-16 08:36:46 ----D---- C:\WINDOWS\ERUNT
2010-01-16 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-15 22:53:28 ----D---- C:\Documents and Settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-15 19:06:52 ----D---- C:\Documents and Settings\Cecilia\Application Data\AdobeUM
2010-01-15 19:03:56 ----D---- C:\Documents and Settings\Cecilia\Application Data\Malwarebytes
2010-01-01 20:04:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-01 20:04:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-01 20:02:42 ----D---- C:\Program Files\Lavasoft
2009-12-30 21:54:56 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-12-29 14:01:20 ----A---- C:\WINDOWS\system32\MRT.INI
2009-12-29 13:55:11 ----A---- C:\WINDOWS\system32\mrt.exe
2009-12-29 13:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-29 13:54:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-29 13:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-29 13:47:52 ----D---- C:\WINDOWS\ie7updates
2009-12-29 13:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-29 13:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-12-29 13:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-12-29 13:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-12-29 13:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-12-29 13:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-12-29 11:11:23 ----D---- C:\WINDOWS\WBEM
2009-12-29 11:11:22 ----D---- C:\WINDOWS\system32\en-US
2009-12-29 11:10:19 ----HDC---- C:\WINDOWS\ie7
2009-12-29 11:10:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-12-29 11:09:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-12-29 11:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-12-29 11:08:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-12-28 22:28:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sophos
2009-12-28 14:58:54 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 11:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-28 11:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-28 11:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-28 11:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-28 11:49:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-28 11:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-28 11:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-12-28 11:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-28 11:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-28 11:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-28 11:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-28 11:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-28 11:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-28 11:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-28 11:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-28 11:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-28 11:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-28 11:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-28 11:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-28 11:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-28 11:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-28 11:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-28 11:46:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-28 11:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-28 11:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-28 11:46:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-28 11:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-28 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-28 11:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-28 11:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-28 11:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-28 11:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-28 11:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-28 11:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-28 11:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-28 11:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-28 11:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-28 11:43:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-28 11:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-28 11:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-28 11:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-28 11:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-28 11:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-28 11:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-28 11:40:09 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-28 11:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-28 11:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-28 11:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-28 11:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-28 11:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-28 11:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-28 11:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-28 11:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-28 11:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-28 11:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-28 11:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-28 11:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-27 22:55:43 ----D---- C:\Program Files\Trend Micro
2009-12-27 22:33:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-27 22:33:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-26 14:29:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-26 13:21:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-26 13:15:35 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-12-26 11:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-25 20:38:26 ----D---- C:\SDFix
2009-12-16 23:12:43 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-12-16 23:12:43 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-16 23:12:43 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-12-11 07:26:25 ----A---- C:\WINDOWS\system32\OLD8.tmp
2009-12-10 22:50:43 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-26 20:21:32 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-11-26 16:05:34 ----D---- C:\McAfee.com Personal Firewall

======List of files/folders modified in the last 2 months======

2010-01-24 12:27:38 ----D---- C:\WINDOWS\Prefetch
2010-01-24 11:40:00 ----SD---- C:\WINDOWS\Tasks
2010-01-24 11:38:38 ----D---- C:\Program Files\Adobe
2010-01-24 11:38:16 ----D---- C:\Program Files\Internet Explorer
2010-01-24 11:36:51 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-01-24 07:41:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-24 07:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2010-01-24 07:39:54 ----D---- C:\WINDOWS\system32\DRIVERS
2010-01-24 07:23:01 ----D---- C:\Temp
2010-01-23 08:48:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 08:48:53 ----D---- C:\WINDOWS\Temp
2010-01-23 08:48:50 ----D---- C:\WINDOWS
2010-01-23 08:48:46 ----SHD---- C:\WINDOWS\Installer
2010-01-23 08:01:39 ----HD---- C:\WINDOWS\INF
2010-01-23 08:01:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-19 23:03:59 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-01-16 09:10:41 ----RD---- C:\Program Files
2010-01-16 08:30:23 ----RASH---- C:\BOOT.INI
2010-01-16 08:30:23 ----A---- C:\WINDOWS\WIN.INI
2010-01-16 08:30:23 ----A---- C:\WINDOWS\SYSTEM.INI
2010-01-16 08:28:32 ----D---- C:\WINDOWS\SYSTEM32
2010-01-16 03:02:39 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-15 23:48:41 ----D---- C:\WINDOWS\WinSxS
2010-01-15 23:48:37 ----D---- C:\Program Files\Common Files
2010-01-15 23:42:36 ----SD---- C:\Documents and Settings\Cecilia\Application Data\Microsoft
2010-01-15 22:52:35 ----D---- C:\Documents and Settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-15 22:04:19 ----D---- C:\WINDOWS\pss
2010-01-15 19:06:32 ----D---- C:\Documents and Settings\Cecilia\Application Data\Adobe
2010-01-01 19:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-01-01 19:07:01 ----D---- C:\I386
2009-12-30 21:57:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-30 03:03:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-29 14:10:29 ----D---- C:\WINDOWS\AppPatch
2009-12-29 11:15:11 ----D---- C:\WINDOWS\Help
2009-12-29 11:11:16 ----D---- C:\WINDOWS\Media
2009-12-28 12:06:10 ----D---- C:\WINDOWS\system32\WBEM
2009-12-28 11:49:56 ----D---- C:\Program Files\Messenger
2009-12-28 11:43:37 ----D---- C:\Program Files\Outlook Express
2009-12-28 11:42:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-28 11:07:45 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-28 09:12:44 ----SHD---- C:\System Volume Information
2009-12-28 09:12:44 ----D---- C:\WINDOWS\system32\restore
2009-12-28 07:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-12-28 00:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2009-12-27 23:55:14 ----D---- C:\WINDOWS\SECURITY
2009-12-27 23:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-12-26 18:50:23 ----D---- C:\Program Files\DellSupport
2009-12-26 14:29:21 ----D---- C:\WINDOWS\Debug
2009-12-26 13:14:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 10:18:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-26 10:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 22:03:03 ----D---- C:\Program Files\EarthLink TotalAccess
2009-12-25 21:57:55 ----SHD---- C:\RECYCLER
2009-12-03 13:33:19 ----A---- C:\WINDOWS\dellstat.ini
2009-12-02 12:33:50 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2004-08-09 83325]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-02-06 8552]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 catchme;catchme; \??\C:\DOCUME~1\Cecilia\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2007-11-15 34064]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 uxtdypoc;uxtdypoc; \??\C:\DOCUME~1\Cecilia\LOCALS~1\Temp\uxtdypoc.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-01 1181328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
S2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-06-17 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 182768]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
S4 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S4 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2004-08-26 122880]
S4 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2004-08-22 577536]

-----------------EOF-----------------


#6 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 24 January 2010 - 03:51 PM

It appears you have run Rsit first before MBAM, it is important to do the instructions in the order posted so can you please run Rsit again
and post the new log.txt.

Cheers
Posted Image
If I have helped you, and you would like to make a donation to me, click here

#7 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 24 January 2010 - 11:26 PM

My apologies...Here is the new log.txt file.

Mike

**********************************************************************************************
**********************************************************************************************
Logfile of random's system information tool 1.06 (written by random/random)
Run by Cecilia at 2010-01-24 22:20:28
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 57 GB (78%) free of 73 GB
Total RAM: 510 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:00 PM, on 1/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\Program Files\Internet Explorer\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs .exe
C:\Documents and Settings\Cecilia\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Cecilia.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1261854862937
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5620 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MASSEY-Darlene).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2003-08-18 114743]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2010-01-24 447414]
"VirusScan Online"=c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe [2010-01-24 434706]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2010-01-24 459218]
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\McUpdate.exe [2010-01-24 433854]
"MCAgentExe"=C:\PROGRA~1\McAfee.com\Agent\McAgent.exe [2010-01-24 439582]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader]
c:\program files\internet explorer\wmpscfgs.exe [2010-01-24 437954]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-06-18 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2009-12-26 306802]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [2009-12-25 321334]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2004-09-14 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2004-09-14 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
c:\Dell\PreODM.EXE [2004-10-31 408576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-02-06 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-01 425946]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2004-07-01 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-04 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Keith^Start Menu^Programs^Startup^scandisk.lnk]
C:\DOCUME~1\Keith\STARTM~1\Programs\Startup\scandisk.dll,_IWMPEvents@0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2
"MCVSRte"=2
"mcupdmgr.exe"=3
"McTskshd.exe"=2
"McShield"=3
"McDetect.exe"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-06-17 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\WINLOGON.EXE"="C:\WINDOWS\SYSTEM32\WINLOGON.EXE:*:Enabled:winlogon"
"C:\WINDOWS\SYSTEM32\LOGONUI.EXE"="C:\WINDOWS\SYSTEM32\LOGONUI.EXE:*:Enabled:logonui"
"C:\WINDOWS\SYSTEM32\LSASS.EXE"="C:\WINDOWS\SYSTEM32\LSASS.EXE:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 2 months======

2010-01-24 12:27:44 ----D---- C:\rsit
2010-01-19 22:48:48 ----A---- C:\RootRepeal report 01-19-10 (22-48-48).txt
2010-01-16 09:50:40 ----A---- C:\RootRepeal report 01-16-10 (09-50-40).txt
2010-01-16 08:36:46 ----D---- C:\WINDOWS\ERUNT
2010-01-16 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-15 22:53:28 ----D---- C:\Documents and Settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-15 19:06:52 ----D---- C:\Documents and Settings\Cecilia\Application Data\AdobeUM
2010-01-15 19:03:56 ----D---- C:\Documents and Settings\Cecilia\Application Data\Malwarebytes
2010-01-01 20:04:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-01 20:04:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-01 20:02:42 ----D---- C:\Program Files\Lavasoft
2009-12-30 21:54:56 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-12-29 14:01:20 ----A---- C:\WINDOWS\system32\MRT.INI
2009-12-29 13:55:11 ----A---- C:\WINDOWS\system32\mrt.exe
2009-12-29 13:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-29 13:54:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-29 13:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-29 13:47:52 ----D---- C:\WINDOWS\ie7updates
2009-12-29 13:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-29 13:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-12-29 13:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-12-29 13:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-12-29 13:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-12-29 13:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-12-29 11:11:23 ----D---- C:\WINDOWS\WBEM
2009-12-29 11:11:22 ----D---- C:\WINDOWS\system32\en-US
2009-12-29 11:10:19 ----HDC---- C:\WINDOWS\ie7
2009-12-29 11:10:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-12-29 11:09:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-12-29 11:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-12-29 11:08:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-12-28 22:28:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sophos
2009-12-28 14:58:54 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 11:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-28 11:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-28 11:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-28 11:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-28 11:49:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-28 11:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-28 11:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-12-28 11:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-28 11:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-28 11:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-28 11:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-28 11:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-28 11:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-28 11:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-28 11:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-28 11:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-28 11:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-28 11:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-28 11:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-28 11:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-28 11:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-28 11:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-28 11:46:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-28 11:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-28 11:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-28 11:46:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-28 11:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-28 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-28 11:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-28 11:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-28 11:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-28 11:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-28 11:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-28 11:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-28 11:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-28 11:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-28 11:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-28 11:43:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-28 11:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-28 11:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-28 11:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-28 11:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-28 11:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-28 11:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-28 11:40:09 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-28 11:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-28 11:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-28 11:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-28 11:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-28 11:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-28 11:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-28 11:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-28 11:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-28 11:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-28 11:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-28 11:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-28 11:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-27 22:55:43 ----D---- C:\Program Files\Trend Micro
2009-12-27 22:33:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-27 22:33:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-26 14:29:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-26 13:21:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-26 13:15:35 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-12-26 11:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-25 20:38:26 ----D---- C:\SDFix
2009-12-16 23:12:43 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-12-16 23:12:43 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-16 23:12:43 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-12-11 07:26:25 ----A---- C:\WINDOWS\system32\OLD8.tmp
2009-12-10 22:50:43 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-26 20:21:32 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-11-26 16:05:34 ----D---- C:\McAfee.com Personal Firewall

======List of files/folders modified in the last 2 months======

2010-01-24 22:21:00 ----SD---- C:\WINDOWS\Tasks
2010-01-24 22:19:38 ----D---- C:\Program Files\Internet Explorer
2010-01-24 22:19:38 ----D---- C:\Program Files\Adobe
2010-01-24 22:19:24 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-01-24 14:37:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-24 14:37:08 ----D---- C:\WINDOWS\Temp
2010-01-24 14:37:04 ----D---- C:\WINDOWS
2010-01-24 14:37:02 ----SHD---- C:\WINDOWS\Installer
2010-01-24 14:23:26 ----D---- C:\WINDOWS\system32\DRIVERS
2010-01-24 12:34:44 ----D---- C:\WINDOWS\Prefetch
2010-01-24 07:41:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-24 07:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2010-01-24 07:23:01 ----D---- C:\Temp
2010-01-23 08:01:39 ----HD---- C:\WINDOWS\INF
2010-01-23 08:01:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-19 23:03:59 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-01-16 09:10:41 ----RD---- C:\Program Files
2010-01-16 08:30:23 ----RASH---- C:\BOOT.INI
2010-01-16 08:30:23 ----A---- C:\WINDOWS\WIN.INI
2010-01-16 08:30:23 ----A---- C:\WINDOWS\SYSTEM.INI
2010-01-16 08:28:32 ----D---- C:\WINDOWS\SYSTEM32
2010-01-16 03:02:39 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-15 23:48:41 ----D---- C:\WINDOWS\WinSxS
2010-01-15 23:48:37 ----D---- C:\Program Files\Common Files
2010-01-15 23:42:36 ----SD---- C:\Documents and Settings\Cecilia\Application Data\Microsoft
2010-01-15 22:52:35 ----D---- C:\Documents and Settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-15 22:04:19 ----D---- C:\WINDOWS\pss
2010-01-15 19:06:32 ----D---- C:\Documents and Settings\Cecilia\Application Data\Adobe
2010-01-01 19:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-01-01 19:07:01 ----D---- C:\I386
2009-12-30 21:57:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-30 03:03:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-29 14:10:29 ----D---- C:\WINDOWS\AppPatch
2009-12-29 11:15:11 ----D---- C:\WINDOWS\Help
2009-12-29 11:11:16 ----D---- C:\WINDOWS\Media
2009-12-28 12:06:10 ----D---- C:\WINDOWS\system32\WBEM
2009-12-28 11:49:56 ----D---- C:\Program Files\Messenger
2009-12-28 11:43:37 ----D---- C:\Program Files\Outlook Express
2009-12-28 11:42:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-28 11:07:45 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-28 09:12:44 ----SHD---- C:\System Volume Information
2009-12-28 09:12:44 ----D---- C:\WINDOWS\system32\restore
2009-12-28 07:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-12-28 00:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2009-12-27 23:55:14 ----D---- C:\WINDOWS\SECURITY
2009-12-27 23:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-12-26 18:50:23 ----D---- C:\Program Files\DellSupport
2009-12-26 14:29:21 ----D---- C:\WINDOWS\Debug
2009-12-26 13:14:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 10:18:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-26 10:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 22:03:03 ----D---- C:\Program Files\EarthLink TotalAccess
2009-12-25 21:57:55 ----SHD---- C:\RECYCLER
2009-12-03 13:33:19 ----A---- C:\WINDOWS\dellstat.ini
2009-12-02 12:33:50 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2004-08-09 83325]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-02-06 8552]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 catchme;catchme; \??\C:\DOCUME~1\Cecilia\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2007-11-15 34064]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-01 1181328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
S2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-06-17 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 182768]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
S4 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S4 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2004-08-26 122880]
S4 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2004-08-22 577536]

-----------------EOF-----------------

#8 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 25 January 2010 - 02:47 PM

No problem, I see you are still infected we will try remove it with OTM and then get another report.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Keith^Start Menu^Programs^Startup^scandisk.lnk]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\SYSTEM32\WINLOGON.EXE"=-
    "C:\WINDOWS\SYSTEM32\LOGONUI.EXE"=-
    "C:\WINDOWS\SYSTEM32\LSASS.EXE"=-
    :Files
    C:\Program Files\Internet Explorer\wmpscfgs.exe
    c:\program files\internet explorer\wmpscfgs .exe
    C:\WINDOWS\tasks\At*.job
    :Commands
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    netsvcs
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\*. /mp /s
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • OTM results
  • OTL.txt
  • Extra.txt

Thanks
Posted Image
If I have helped you, and you would like to make a donation to me, click here

#9 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 25 January 2010 - 10:04 PM

Hi syler,
sorry for the long delay (I have to wait until I get home from work to do this).

Here are the log files you requested.

Mike
****************************************************************************************
****************************************************************************************

*****OTM RESULTS LOG*****

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Keith^Start Menu^Programs^Startup^scandisk.lnk\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\SYSTEM32\WINLOGON.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\SYSTEM32\LOGONUI.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\SYSTEM32\LSASS.EXE deleted successfully.
========== FILES ==========
C:\Program Files\Internet Explorer\wmpscfgs.exe moved successfully.
c:\program files\internet explorer\wmpscfgs .exe moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9314327 bytes

User: All Users

User: Cecilia
->Temp folder emptied: 50202 bytes
->Temporary Internet Files folder emptied: 10003021 bytes

User: Darlene
->Temp folder emptied: 1049545 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 281482 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Keith
->Temp folder emptied: 2329404 bytes
->Temporary Internet Files folder emptied: 6282327 bytes
->Java cache emptied: 3847 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4679626 bytes
->Java cache emptied: 6132 bytes

User: Seth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2424966 bytes

User: Tommy
->Temp folder emptied: 374992 bytes
->Temporary Internet Files folder emptied: 1905122 bytes
->Java cache emptied: 1433179 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 66755 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2213099 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 70779524 bytes

Total Files Cleaned = 108.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01252010_203524

Files moved on Reboot...

Registry entries deleted on Reboot...

****************************************************************************************
****************************************************************************************

*****OTL FILE*****
OTL logfile created on: 1/25/2010 8:44:33 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Cecilia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.59 Gb Total Space | 56.08 Gb Free Space | 78.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 121.40 Mb Total Space | 19.44 Mb Free Space | 16.01% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASSEY
Current User Name: Cecilia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/25 20:37:40 | 00,538,690 | ---- | M] () -- C:\Program Files\Internet Explorer\wmpscfgs.exe
PRC - [2010/01/25 20:37:40 | 00,538,690 | ---- | M] () -- c:\Program Files\Internet Explorer\wmpscfgs.exe
PRC - [2010/01/25 20:36:12 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cecilia\Desktop\OTL.exe
PRC - [2010/01/01 21:11:45 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/01 21:11:37 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/08/22 15:32:56 | 00,569,344 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2004/08/22 15:31:28 | 01,327,104 | ---- | M] (McAfee Security) -- c:\Program Files\McAfee.com\Personal Firewall\mpftray .exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
PRC - [2004/08/04 05:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
PRC - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2010/01/25 20:36:12 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cecilia\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/01 21:11:37 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/17 15:17:18 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/05/22 22:21:13 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/08/26 17:57:22 | 00,122,880 | ---- | M] (Networks Associates Technology, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte)
SRV - [2004/08/22 15:31:44 | 00,577,536 | ---- | M] (McAfee Corporation) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/03/16 14:33:24 | 00,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/03/13 08:50:34 | 00,225,375 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 07:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2007/11/15 14:30:48 | 00,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/02/06 00:40:46 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2005/01/27 14:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/09/17 08:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/09/14 08:50:10 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/09 12:30:18 | 00,083,325 | ---- | M] (McAfee Security) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/03/13 08:50:36 | 00,023,296 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\S-1-5-21-1547107083-2549169958-977454954-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/16 08:41:15 | 00,000,686 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20.exe ()
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe ()
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe ()
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\mpftray.exe ()
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Cecilia\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547107083-2549169958-977454954-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 81 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 81 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547107083-2549169958-977454954-1008\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1261854862937 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/13 10:20:20 | 00,669,032 | ---- | M] (Sysinternals - www.sysinternals.com) - E:\autoruns.exe -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/02/05 23:59:24 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\WMI.DLL (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\L3CODECA.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/25 20:43:22 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cecilia\Desktop\OTL.exe
[2010/01/25 20:35:24 | 00,000,000 | ---D | C] -- C:\_OTM
[2010/01/25 20:34:21 | 00,503,296 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cecilia\Desktop\OTM.exe
[2010/01/25 20:30:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/25 20:28:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/24 12:27:44 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/16 09:40:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Cecilia\Desktop\RootRepeal.exe
[2010/01/16 08:36:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/01/15 23:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cecilia\Local Settings\Application Data\Sophos
[2010/01/15 22:53:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cecilia\Application Data\SUPERAntiSpyware.com
[2010/01/15 19:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ixrhdn
[2010/01/15 19:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cecilia\Application Data\AdobeUM
[2010/01/15 19:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cecilia\Local Settings\Application Data\Adobe
[2010/01/15 19:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cecilia\My Documents\My eBooks
[2010/01/15 19:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cecilia\Application Data\Malwarebytes
[2010/01/01 22:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/01/01 22:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/01 20:04:39 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/01 20:04:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/01/01 20:04:05 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/01 20:02:42 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/30 21:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/29 13:47:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/12/29 11:11:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/12/29 11:11:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/29 11:10:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/12/29 11:10:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/12/29 11:09:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/12/28 22:28:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/12/28 14:58:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/28 11:40:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/12/27 22:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/27 22:33:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/27 22:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/27 22:33:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/27 22:33:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/17 07:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2009/12/17 02:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/25 07:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/25 07:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/07/13 18:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/07/13 18:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/12/02 14:50:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/02/19 11:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\EarthLink Toolbar
[2007/08/08 02:00:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/04/04 12:52:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2005/04/04 12:52:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/02/10 13:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/02/06 00:00:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/02/06 00:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/02/06 00:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/25 20:39:07 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/01/25 20:39:07 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/01/25 20:39:07 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/01/25 20:39:07 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/01/25 20:39:06 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/01/25 20:38:32 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/25 20:38:31 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/25 20:38:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/25 20:38:29 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/25 20:38:27 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/25 20:37:39 | 00,114,208 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/01/25 20:37:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/25 20:37:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/25 20:37:14 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/25 20:36:48 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Cecilia\NTUSER.DAT
[2010/01/25 20:36:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Cecilia\NTUSER.INI
[2010/01/25 20:36:12 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cecilia\Desktop\OTL.exe
[2010/01/25 20:29:28 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Cecilia\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/25 20:28:53 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Cecilia\Desktop\NTREGOPT.lnk
[2010/01/25 20:28:53 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Cecilia\Desktop\ERUNT.lnk
[2010/01/25 20:24:34 | 00,503,296 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cecilia\Desktop\OTM.exe
[2010/01/24 14:22:36 | 04,839,292 | -H-- | M] () -- C:\Documents and Settings\Cecilia\Local Settings\Application Data\IconCache.db
[2010/01/24 07:36:14 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Cecilia\Desktop\RSIT.exe
[2010/01/23 08:11:34 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Cecilia\Desktop\settings.dat
[2010/01/23 07:52:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/16 09:40:38 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Cecilia\Desktop\RootRepeal.exe
[2010/01/16 09:32:30 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Cecilia\Desktop\dds.scr
[2010/01/16 08:41:15 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/01/16 08:30:23 | 00,000,581 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/16 08:30:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/16 08:30:23 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 20:04:00 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/30 21:57:28 | 00,441,808 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/30 21:57:28 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/30 21:57:28 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/29 14:01:20 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/28 11:34:01 | 00,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/01/25 20:37:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/01/25 20:29:28 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Cecilia\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/25 20:28:53 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Cecilia\Desktop\NTREGOPT.lnk
[2010/01/25 20:28:53 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Cecilia\Desktop\ERUNT.lnk
[2010/01/24 12:27:26 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Cecilia\Desktop\RSIT.exe
[2010/01/24 11:36:39 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/16 09:42:13 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Cecilia\Desktop\settings.dat
[2010/01/16 09:32:24 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Cecilia\Desktop\dds.scr
[2010/01/01 21:17:00 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/01 21:17:00 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/01 21:16:59 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/01 21:16:57 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/01 20:04:00 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/01 17:53:32 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/29 14:01:20 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/05 13:17:27 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/04/22 17:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/03/09 14:33:33 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Cecilia\Application Data\PFP120JPR.{PB
[2006/03/09 14:33:33 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Cecilia\Application Data\PFP120JCM.{PB
[2005/03/17 09:18:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2005/02/20 20:05:48 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/02/20 20:05:48 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/02/20 19:42:15 | 00,000,675 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/02/17 17:23:09 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/02/06 00:43:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/06 00:38:26 | 00,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2005/02/06 00:01:36 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/06/14 09:21:46 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/06/14 09:21:02 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/06/14 09:15:48 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/06/14 09:09:22 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2003/10/08 08:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DLLCACHE\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\DLLCACHE\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\EVENTLOG.DLL
[2004/06/18 22:17:44 | 00,204,800 | ---- | M] (EarthLink, Inc.) MD5=EC79C84FE0DDF02B0D1E2EB23DC97984 -- C:\Program Files\EarthLink TotalAccess\EventLog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\DLLCACHE\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\DLLCACHE\scecli.dll
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\SCECLI.DLL
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\*. /mp /s >
< End of report >

****************************************************************************************
****************************************************************************************

*****EXTRAS FILE*****
OTL Extras logfile created on: 1/25/2010 8:44:33 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Cecilia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.59 Gb Total Space | 56.08 Gb Free Space | 78.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 121.40 Mb Total Space | 19.44 Mb Free Space | 16.01% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASSEY
Current User Name: Cecilia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89C43B94-02D9-47CB-A338-8CEC0E70F638}" = EarthLink MailBox
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}" = H&R Block Tax Offer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" = EarthLink TaskPanel
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EEC93E6F-6E73-46BE-8152-59C66B272219}" = Deal Info
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"EarthLink TotalAccess 2004" = EarthLink Software
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.514
"Greetings Workshop" = Greetings Workshop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ocean Express Free Trial_is1" = Ocean Express Free Trial
"Perpetual Paper for Smocking" = Perpetual Paper for Smocking
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ResumeMaker" = ResumeMaker
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirusScan Online" = McAfee VirusScan
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2010 9:56:10 AM | Computer Name = MASSEY | Source = NativeWrapper | ID = 5000
Description =

Error - 1/23/2010 10:48:51 AM | Computer Name = MASSEY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 1/23/2010 10:48:52 AM | Computer Name = MASSEY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 1/23/2010 10:48:52 AM | Computer Name = MASSEY | Source = NativeWrapper | ID = 5000
Description =

Error - 1/24/2010 4:37:05 PM | Computer Name = MASSEY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 1/24/2010 4:37:06 PM | Computer Name = MASSEY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 1/24/2010 4:37:07 PM | Computer Name = MASSEY | Source = NativeWrapper | ID = 5000
Description =

Error - 1/25/2010 12:29:05 AM | Computer Name = MASSEY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 1/25/2010 12:29:06 AM | Computer Name = MASSEY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 1/25/2010 12:29:07 AM | Computer Name = MASSEY | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 1/25/2010 12:19:20 AM | Computer Name = MASSEY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2

Error - 1/25/2010 12:21:31 AM | Computer Name = MASSEY | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 1/25/2010 12:29:07 AM | Computer Name = MASSEY | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 1/25/2010 10:24:29 PM | Computer Name = MASSEY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2

Error - 1/25/2010 10:26:39 PM | Computer Name = MASSEY | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/25/2010 10:26:57 PM | Computer Name = MASSEY | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 1/25/2010 10:35:31 PM | Computer Name = MASSEY | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/25/2010 10:35:31 PM | Computer Name = MASSEY | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/25/2010 10:35:31 PM | Computer Name = MASSEY | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 1/25/2010 10:37:25 PM | Computer Name = MASSEY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2


< End of report >


#10 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 26 January 2010 - 03:39 PM

Hi crumpms,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Posted Image
If I have helped you, and you would like to make a donation to me, click here

#11 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 26 January 2010 - 09:34 PM

syler,
here's the ComboFix log.

Mike

**********************************************************************************************
**********************************************************************************************

ComboFix 10-01-26.02 - Cecilia 01/26/2010 20:12:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.205 [GMT -6:00]
Running from: c:\documents and settings\Cecilia\Desktop\ComboFix.exe
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\adobe\acrotray.exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-725345543-117609710-2147061141-1003
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NPF
-------\Service_6to4
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-26 02:35 . 2010-01-26 02:35 -------- d-----w- C:\_OTM
2010-01-26 02:28 . 2010-01-26 02:29 -------- d-----w- c:\program files\ERUNT
2010-01-24 18:32 . 2010-01-24 18:32 4232816 ----a-w- c:\temp\mbam-rules.exe
2010-01-24 18:27 . 2010-01-25 04:22 -------- d-----w- C:\rsit
2010-01-24 13:23 . 2010-01-24 13:18 293376 ----a-w- c:\temp\bhsegjts.exe
2010-01-16 14:36 . 2010-01-16 14:37 -------- d-----w- c:\windows\ERUNT
2010-01-16 05:16 . 2010-01-16 05:16 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Sophos
2010-01-16 04:53 . 2010-01-16 05:46 -------- d-----w- c:\documents and settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Adobe
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Application Data\AdobeUM
2010-01-16 01:03 . 2010-01-16 01:03 -------- d-----w- c:\documents and settings\Cecilia\Application Data\Malwarebytes
2010-01-02 04:13 . 2010-01-16 01:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ixrhdn
2010-01-02 03:15 . 2010-01-02 03:15 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-02 03:15 . 2010-01-02 03:15 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-02 03:15 . 2010-01-02 03:15 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-02 03:15 . 2010-01-02 03:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-02 03:15 . 2010-01-02 03:15 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-02 03:15 . 2010-01-02 03:15 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-02 03:12 . 2010-01-16 02:00 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-02 03:12 . 2010-01-02 03:12 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-02 03:12 . 2010-01-02 03:12 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-02 03:11 . 2010-01-02 03:12 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-02 03:11 . 2010-01-02 03:11 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-02 03:11 . 2010-01-02 03:11 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-02 03:11 . 2010-01-02 03:11 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-02 02:04 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 02:04 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 02:02 . 2010-01-02 02:02 -------- d-----w- c:\program files\Lavasoft
2010-01-02 00:11 . 2010-01-16 01:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 21:03 . 2009-12-01 16:53 670072 ----a-w- c:\temp\autoruns.exe
2010-01-01 21:03 . 2009-12-01 16:53 559992 ----a-w- c:\temp\autorunsc.exe
2009-12-31 03:54 . 2009-12-31 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-31 03:53 . 2009-12-31 03:38 8043648 ----a-w- c:\temp\is360setup130.exe
2009-12-29 17:06 . 2009-12-29 17:05 15452536 ----a-w- c:\temp\IE7-WindowsXP-x86-enu.exe
2009-12-29 16:42 . 2009-12-29 16:42 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 16:37 . 2009-12-29 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 15:30 . 2009-12-29 16:42 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-29 15:29 . 2009-12-29 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-29 14:23 . 2009-12-29 14:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sophos
2009-12-29 14:14 . 2009-12-29 14:15 -------- d-----w- c:\temp\Dec_29_2009_Registry_Backup_Pre-Safe_Mode_Merge
2009-12-29 04:45 . 2009-12-29 04:45 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Sophos
2009-12-29 04:39 . 2009-12-29 04:37 3981451 ----a-w- c:\temp\449_ides.exe
2009-12-29 04:28 . 2009-12-29 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-12-29 04:23 . 2009-03-26 14:34 155102613 ----a-w- c:\temp\HOME_INSTALLER.EXE
2009-12-29 00:28 . 2009-12-29 00:28 52224 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 20:59 . 2009-12-29 00:28 117760 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2009-12-28 20:54 . 2009-12-28 20:56 7451168 ----a-w- c:\temp\SUPERAntiSpyware.exe
2009-12-28 19:06 . 2009-12-28 19:06 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\PCHealth
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\windows\ServicePackFiles
2009-12-28 15:14 . 2009-12-28 15:14 -------- d-----w- c:\temp\Dec_28_2009_Registry_Backup
2009-12-28 04:55 . 2009-12-28 04:55 -------- d-----w- c:\program files\Trend Micro
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2009-12-28 04:33 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-28 04:33 . 2010-01-16 01:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 04:33 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 04:32 . 2009-12-28 04:31 4844264 ----a-w- c:\temp\mbam-setup.exe
2009-12-28 04:32 . 2009-09-27 01:14 812344 ----a-w- c:\temp\HJTInstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 04:52 . 2006-03-09 20:33 -------- d-----w- c:\documents and settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-02 02:02 . 2009-12-26 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-27 00:50 . 2007-07-16 21:04 -------- d-----w- c:\program files\DellSupport
2009-12-26 16:18 . 2006-09-22 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 16:12 . 2006-09-22 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 15:47 . 2006-09-22 20:18 -------- d-----w- c:\documents and settings\Keith\Application Data\Lavasoft
2009-12-26 04:03 . 2005-02-17 23:03 -------- d-----w- c:\program files\EarthLink TotalAccess
2009-12-26 04:02 . 2007-11-13 21:46 325822 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\transferagent.exe
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-16 22:08 . 2009-12-16 22:08 -------- d-----w- c:\documents and settings\Keith\Application Data\Viewpoint
2009-12-11 13:41 . 2009-12-11 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-11-21 16:36 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
.
CODE
<pre>
c:\program files\Adobe\acrotray .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\DellSupport\dsagnt .exe
c:\program files\EarthLink TotalAccess\taskpanl .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\mcupdate .exe
c:\program files\McAfee.com\Agent\mcupda~1 .exe
c:\program files\McAfee.com\Personal Firewall\mpftray .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\windows\PCHEALTH\HELPCTR\BINARIES\msconfig .exe
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\crrwhd\gnudsysguard .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-27 371378]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2010-01-27 372074]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2010-01-27 382794]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2010-01-27 376922]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [2010-01-27 371810]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Cecilia\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-17 21:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk
backup=c:\windows\pss\Greetings Workshop Reminders.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
2004-06-18 15:30 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2009-12-27 00:50 306802 ----a-w- c:\program files\DellSupport\dsagnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
2009-12-26 04:03 321334 ----a-w- c:\program files\EarthLink TotalAccess\taskpanl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 14:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-09-14 14:50 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
2004-10-31 11:21 408576 ----a-w- c:\dell\PREODM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-02-06 06:40 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-01 22:48 425946 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
2004-07-01 21:15 139264 ----a-w- c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=3 (0x3)
"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/1/2010 8:04 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2/6/2005 12:38 AM 23296]
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2010-01-27 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 02:18]

2009-12-26 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (MASSEY-Darlene).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-02-06 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EarthLink TotalAccess 2004 - c:\program files\EarthLink TotalAccess\uninstll.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 20:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-01-26 20:26:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 02:26

Pre-Run: 59,964,751,872 bytes free
Post-Run: 59,860,377,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 65599673DF24F13D82D5027E4EC88D41

#12 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 27 January 2010 - 09:04 AM

Mike,

You have a few suspiciously named files in this folder c:\temp do you know what all the files in this folder are?

I need you to re-enable all the startups you have disabled with MSConfig, you can disable the entries again when we are finished.

Click Start >> Run, then type msconfig in the box.
Under the general tab, select Normal Startup - load all devices and services.
Click Apply then Close, but DO NOT restart the computer yet.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
c:\progra~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\agent\McUpdate.exe
c:\progra~1\McAfee.com\Agent\McAgent.exe
c:\program files\DellSupport\dsagnt.exe
c:\program files\EarthLink TotalAccess\taskpanl.exe
c:\program files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\McAfee.com\Agent\mcupda~1.exe
c:\windows\PCHEALTH\HELPCTR\BINARIES\msconfig.exe
Folder::
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\crrwhd
AtJob::
RenV::
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\program files\McAfee.com\Personal Firewall\mpftray .exe
c:\program files\McAfee.com\Agent\mcupdate .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\DellSupport\dsagnt .exe
c:\program files\EarthLink TotalAccess\taskpanl .exe
c:\program files\Adobe\acrotray .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\McAfee.com\Agent\mcupda~1 .exe
c:\windows\PCHEALTH\HELPCTR\BINARIES\msconfig .exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Then reboot your computer and run Rsit again and post the new log.txt with combofix.txt.

Thanks
Posted Image
If I have helped you, and you would like to make a donation to me, click here

#13 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 27 January 2010 - 11:23 PM

Hi syler,
thanks for sticking with me on this.

Concerning the files in the TEMP folder, I'm confident about them. Here's a list of what they are:
449_ides - I recall seeing it on some malware removal site (don't remember which one)
Ad-AwareInstallation - Lavasoft
autoruns - Sysinternals.com
autorunsc - Sysinternals.com
bhsegjts - GMER
HJTInstall - Trend Micro
is360setup130 - IObit Security 360
mbam-rules - Malwarebytes manual update
mbam-setup - Malwarebytes setup program
SDFix - betanews.com
SuperAntiSpyware - SuperAntiSpyware.com
SafeBoot-for-Windows-XP-SP2.reg - replaces removed registry entries to allow booting in safe mode

Here are the ComboFix and RSIT logs:
****************************************************************************
****************************************************************************

ComboFix log

ComboFix 10-01-26.02 - Cecilia 01/27/2010 17:01:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.235 [GMT -6:00]
Running from: c:\documents and settings\Cecilia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cecilia\Desktop\CFScript.txt
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"
"c:\progra~1\McAfee.com\Agent\McAgent.exe"
"c:\progra~1\mcafee.com\agent\McUpdate.exe"
"c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe"
"c:\progra~1\mcafee.com\vso\mcvsshld.exe"
"c:\program files\DellSupport\dsagnt.exe"
"c:\program files\EarthLink TotalAccess\taskpanl.exe"
"c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
"c:\program files\McAfee.com\Agent\mcupda~1.exe"
"c:\windows\PCHEALTH\HELPCTR\BINARIES\msconfig.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
c:\progra~1\McAfee.com\Agent\McAgent.exe
c:\progra~1\mcafee.com\agent\McUpdate.exe
c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsshld.exe
c:\program files\adobe\acrotray.exe
c:\program files\DellSupport\dsagnt.exe
c:\program files\EarthLink TotalAccess\taskpanl.exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\McAfee.com\Agent\mcupda~1.exe
c:\windows\PCHEALTH\HELPCTR\BINARIES\msconfig.exe
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\crrwhd
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\crrwhd\gnudsysguard .exe
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\crrwhd\gnudsysguard.exe.delme79
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-26 02:35 . 2010-01-26 02:35 -------- d-----w- C:\_OTM
2010-01-26 02:28 . 2010-01-26 02:29 -------- d-----w- c:\program files\ERUNT
2010-01-24 18:32 . 2010-01-24 18:32 4232816 ----a-w- c:\temp\mbam-rules.exe
2010-01-24 18:27 . 2010-01-25 04:22 -------- d-----w- C:\rsit
2010-01-24 13:23 . 2010-01-24 13:18 293376 ----a-w- c:\temp\bhsegjts.exe
2010-01-16 14:36 . 2010-01-16 14:37 -------- d-----w- c:\windows\ERUNT
2010-01-16 05:16 . 2010-01-16 05:16 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Sophos
2010-01-16 04:53 . 2010-01-16 05:46 -------- d-----w- c:\documents and settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Adobe
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Application Data\AdobeUM
2010-01-16 01:03 . 2010-01-16 01:03 -------- d-----w- c:\documents and settings\Cecilia\Application Data\Malwarebytes
2010-01-02 04:13 . 2010-01-16 01:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ixrhdn
2010-01-02 03:15 . 2010-01-02 03:15 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-02 03:15 . 2010-01-02 03:15 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-02 03:15 . 2010-01-02 03:15 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-02 03:15 . 2010-01-02 03:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-02 03:15 . 2010-01-02 03:15 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-02 03:15 . 2010-01-02 03:15 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-02 03:12 . 2010-01-16 02:00 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-02 03:12 . 2010-01-02 03:12 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-02 03:12 . 2010-01-02 03:12 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-02 03:11 . 2010-01-02 03:12 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-02 03:11 . 2010-01-02 03:11 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-02 03:11 . 2010-01-02 03:11 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-02 03:11 . 2010-01-02 03:11 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-02 02:04 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 02:04 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 02:02 . 2010-01-02 02:02 -------- d-----w- c:\program files\Lavasoft
2010-01-02 00:11 . 2010-01-16 01:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 21:03 . 2009-12-01 16:53 670072 ----a-w- c:\temp\autoruns.exe
2010-01-01 21:03 . 2009-12-01 16:53 559992 ----a-w- c:\temp\autorunsc.exe
2009-12-31 03:54 . 2009-12-31 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-31 03:53 . 2009-12-31 03:38 8043648 ----a-w- c:\temp\is360setup130.exe
2009-12-29 17:06 . 2009-12-29 17:05 15452536 ----a-w- c:\temp\IE7-WindowsXP-x86-enu.exe
2009-12-29 16:42 . 2009-12-29 16:42 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 16:37 . 2009-12-29 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 15:30 . 2009-12-29 16:42 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-29 15:29 . 2009-12-29 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-29 14:23 . 2009-12-29 14:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sophos
2009-12-29 14:14 . 2009-12-29 14:15 -------- d-----w- c:\temp\Dec_29_2009_Registry_Backup_Pre-Safe_Mode_Merge
2009-12-29 04:45 . 2009-12-29 04:45 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Sophos
2009-12-29 04:39 . 2009-12-29 04:37 3981451 ----a-w- c:\temp\449_ides.exe
2009-12-29 04:28 . 2009-12-29 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-12-29 04:23 . 2009-03-26 14:34 155102613 ----a-w- c:\temp\HOME_INSTALLER.EXE
2009-12-29 00:28 . 2009-12-29 00:28 52224 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 23:11 . 2005-02-21 02:05 -------- d-----w- c:\program files\Dell Photo AIO Printer 922
2010-01-27 23:11 . 1980-01-01 06:00 442090 ----a-w- c:\windows\system32\hkcmd.exe
2010-01-27 23:11 . 2005-09-20 15:36 453010 ----a-w- c:\windows\system32\igfxpers.exe
2010-01-27 23:11 . 1980-01-01 06:00 446438 ----a-w- c:\windows\system32\igfxtray.exe
2010-01-27 23:11 . 2007-07-16 21:04 -------- d-----w- c:\program files\DellSupport
2010-01-27 23:11 . 2005-02-17 23:03 -------- d-----w- c:\program files\EarthLink TotalAccess
2010-01-27 23:07 . 2009-12-28 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 04:52 . 2006-03-09 20:33 -------- d-----w- c:\documents and settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-07 22:07 . 2009-12-28 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-28 04:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 02:02 . 2009-12-26 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-29 00:28 . 2009-12-28 20:59 117760 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2009-12-28 04:55 . 2009-12-28 04:55 -------- d-----w- c:\program files\Trend Micro
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 16:18 . 2006-09-22 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 16:12 . 2006-09-22 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 15:47 . 2006-09-22 20:18 -------- d-----w- c:\documents and settings\Keith\Application Data\Lavasoft
2009-12-26 04:02 . 2007-11-13 21:46 325822 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\transferagent.exe
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-16 22:08 . 2009-12-16 22:08 -------- d-----w- c:\documents and settings\Keith\Application Data\Viewpoint
2009-12-11 13:41 . 2009-12-11 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-11-21 16:36 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
.
CODE
<pre>
c:\program files\Adobe\acrotray .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr .exe
c:\program files\DellSupport\dsagnt .exe
c:\program files\EarthLink TotalAccess\taskpanl .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Java\jre1.6.0_07\bin\jusched .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\mcupdate .exe
c:\program files\McAfee.com\Personal Firewall\mpftray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
c:\program files\Real\RealPlayer\realplay .exe
c:\windows\SYSTEM32\hkcmd .exe
c:\windows\SYSTEM32\igfxpers .exe
c:\windows\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-27 445446]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2010-01-27 442874]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2010-01-27 457094]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2010-01-27 431962]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-27 467270]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2010-01-27 449702]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2010-01-27 441870]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2010-01-27 460690]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [2010-01-27 436570]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2010-01-27 444458]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2010-01-27 456834]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-01-27 438442]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2010-01-27 435858]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2010-01-27 441642]
"OSCD_Creator"="c:\dell\PreODM.EXE" [2010-01-27 466590]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2010-01-27 440002]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2010-01-27 457098]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-01-27 446438]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-01-27 453010]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-01-27 442090]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2010-01-27 442862]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OSCD_Creator"="c:\dell\PreODM.EXE" [2010-01-27 466590]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Darlene\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\Cecilia\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-2-6 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-6 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-17 21:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/1/2010 8:04 PM 64288]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2/6/2005 12:38 AM 23296]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2010-01-27 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-01-27 23:09]

2009-12-26 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (MASSEY-Darlene).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-02-06 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 17:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OSCD_Creator = c:\dell\PreODM.EXE /2??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\igfxpers .exe 114688 bytes executable
c:\windows\system32\igfxtray .exe 94208 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
.
**************************************************************************
.
Completion time: 2010-01-27 17:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 23:14
ComboFix2.txt 2010-01-27 02:26

Pre-Run: 59,767,164,928 bytes free
Post-Run: 59,707,965,440 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 84706969AD29F7D4A0F284D99193CE22

**************************************************************************************
**************************************************************************************

RSIT log


Logfile of random's system information tool 1.06 (written by random/random)
Run by Cecilia at 2010-01-27 17:19:04
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 57 GB (78%) free of 73 GB
Total RAM: 510 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:16 PM, on 1/27/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\internet explorer\wmpscfgs.exe
C:\Program Files\Internet Explorer\wmpscfgs.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Dell\PreODM.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
c:\progra~1\mcafee.com\vso\mcvsshld .exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\DellSupport\DSAgnt.exe
c:\progra~1\mcafee.com\person~1\mpftray .exe
c:\progra~1\mcafee.com\agent\mcupdate .exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\agent\mcagent .exe
c:\program files\java\jre1.6.0_07\bin\jusched .exe
c:\program files\analog devices\core\smax4pnp .exe
c:\program files\real\realplayer\realplay .exe
c:\program files\dell\media experience\pcmservice .exe
c:\program files\musicmatch\musicmatch jukebox\mm_tray .exe
c:\windows\system32\igfxpers .exe
c:\program files\dell photo aio printer 922\dlbtbmgr .exe
c:\windows\system32\hkcmd .exe
c:\program files\earthlink totalaccess\taskpanl .exe
c:\program files\dellsupport\dsagnt .exe
c:\program files\musicmatch\musicmatch jukebox\mmtask .exe
c:\program files\dell photo aio printer 922\dlbtbmon.exe
C:\Documents and Settings\Cecilia\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Cecilia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\PreODM.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\RunOnce: [OSCD_Creator] c:\dell\PreODM.EXE /2
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1261854862937
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8463 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MASSEY-Darlene).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2003-08-18 114743]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2010-01-27 450610]
"VirusScan Online"=c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe [2010-01-27 442422]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2010-01-27 467670]
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\McUpdate.exe [2010-01-27 456690]
"MCAgentExe"=C:\PROGRA~1\McAfee.com\Agent\McAgent.exe [2010-01-27 462098]
"VSOCheckTask"=c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2010-01-27 434050]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2010-01-27 434774]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2010-01-27 432754]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2010-01-27 450662]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2010-01-27 463530]
"OSCD_Creator"=c:\Dell\PreODM.EXE [2010-01-27 467470]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2010-01-27 432178]
"mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2010-01-27 456894]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2010-01-27 432914]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2010-01-27 468078]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2010-01-27 431746]
"Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2010-01-27 432574]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OSCD_Creator"=c:\dell\PreODM.EXE [2010-01-27 467470]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2010-01-27 467758]
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [2010-01-27 465566]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2010-01-27 446126]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Cecilia\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-06-17 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 2 months======

2010-01-27 17:15:00 ----D---- C:\WINDOWS\temp
2010-01-27 17:14:58 ----A---- C:\ComboFix.txt
2010-01-27 17:00:20 ----A---- C:\WINDOWS\zip.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\SWSC.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\SWREG.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\sed.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\PEV.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\MBR.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\grep.exe
2010-01-26 20:11:34 ----A---- C:\Boot.bak
2010-01-26 20:11:27 ----RASHD---- C:\cmdcons
2010-01-26 20:09:00 ----D---- C:\Qoobox
2010-01-25 20:35:24 ----D---- C:\_OTM
2010-01-25 20:30:36 ----D---- C:\WINDOWS\ERDNT
2010-01-25 20:28:53 ----D---- C:\Program Files\ERUNT
2010-01-24 12:27:44 ----D---- C:\rsit
2010-01-19 22:48:48 ----A---- C:\RootRepeal report 01-19-10 (22-48-48).txt
2010-01-16 09:50:40 ----A---- C:\RootRepeal report 01-16-10 (09-50-40).txt
2010-01-16 08:36:46 ----D---- C:\WINDOWS\ERUNT
2010-01-16 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-15 22:53:28 ----D---- C:\Documents and Settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-15 19:06:52 ----D---- C:\Documents and Settings\Cecilia\Application Data\AdobeUM
2010-01-15 19:03:56 ----D---- C:\Documents and Settings\Cecilia\Application Data\Malwarebytes
2010-01-01 20:04:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-01 20:04:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-01 20:02:42 ----D---- C:\Program Files\Lavasoft
2009-12-30 21:54:56 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-12-29 14:01:20 ----A---- C:\WINDOWS\system32\MRT.INI
2009-12-29 13:55:11 ----A---- C:\WINDOWS\system32\mrt.exe
2009-12-29 13:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-29 13:54:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-29 13:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-29 13:47:52 ----D---- C:\WINDOWS\ie7updates
2009-12-29 13:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-29 13:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-12-29 13:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-12-29 13:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-12-29 13:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-12-29 13:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-12-29 11:11:23 ----D---- C:\WINDOWS\WBEM
2009-12-29 11:11:22 ----D---- C:\WINDOWS\system32\en-US
2009-12-29 11:10:19 ----HDC---- C:\WINDOWS\ie7
2009-12-29 11:10:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-12-29 11:09:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-12-29 11:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-12-29 11:08:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-12-28 22:28:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sophos
2009-12-28 14:58:54 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 11:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-28 11:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-28 11:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-28 11:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-28 11:49:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-28 11:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-28 11:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-12-28 11:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-28 11:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-28 11:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-28 11:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-28 11:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-28 11:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-28 11:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-28 11:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-28 11:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-28 11:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-28 11:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-28 11:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-28 11:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-28 11:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-28 11:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-28 11:46:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-28 11:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-28 11:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-28 11:46:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-28 11:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-28 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-28 11:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-28 11:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-28 11:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-28 11:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-28 11:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-28 11:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-28 11:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-28 11:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-28 11:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-28 11:43:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-28 11:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-28 11:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-28 11:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-28 11:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-28 11:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-28 11:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-28 11:40:09 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-28 11:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-28 11:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-28 11:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-28 11:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-28 11:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-28 11:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-28 11:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-28 11:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-28 11:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-28 11:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-28 11:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-28 11:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-27 22:55:43 ----D---- C:\Program Files\Trend Micro
2009-12-27 22:33:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-27 22:33:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-26 14:29:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-26 13:21:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-26 13:15:35 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-12-26 11:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-25 20:38:26 ----D---- C:\SDFix
2009-12-16 23:12:43 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-12-16 23:12:43 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-16 23:12:43 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-12-10 22:50:43 ----D---- C:\WINDOWS\system32\LogFiles

======List of files/folders modified in the last 2 months======

2010-01-27 17:19:15 ----SD---- C:\WINDOWS\Tasks
2010-01-27 17:19:14 ----D---- C:\Program Files\Dell Photo AIO Printer 922
2010-01-27 17:19:13 ----D---- C:\WINDOWS\SYSTEM32
2010-01-27 17:19:13 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-01-27 17:19:12 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-01-27 17:19:11 ----A---- C:\WINDOWS\system32\igfxtray.exe
2010-01-27 17:19:07 ----D---- C:\DELL
2010-01-27 17:18:55 ----D---- C:\Program Files\DellSupport
2010-01-27 17:18:54 ----D---- C:\Program Files\EarthLink TotalAccess
2010-01-27 17:18:53 ----D---- C:\Program Files\Messenger
2010-01-27 17:18:17 ----A---- C:\WINDOWS\system32\hkcmd.exe.delme84
2010-01-27 17:18:16 ----A---- C:\WINDOWS\system32\igfxpers.exe.delme83
2010-01-27 17:18:15 ----A---- C:\WINDOWS\system32\igfxtray.exe.delme82
2010-01-27 17:17:54 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-01-27 17:16:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-27 17:15:00 ----D---- C:\WINDOWS\system32\DRIVERS
2010-01-27 17:15:00 ----D---- C:\WINDOWS
2010-01-27 17:13:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-27 17:09:34 ----D---- C:\Program Files\Internet Explorer
2010-01-27 17:09:33 ----D---- C:\Program Files\Adobe
2010-01-27 17:08:49 ----A---- C:\WINDOWS\system.ini
2010-01-27 17:07:13 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-01-27 17:05:40 ----D---- C:\WINDOWS\AppPatch
2010-01-27 17:05:37 ----D---- C:\Program Files\Common Files
2010-01-27 16:54:36 ----RASH---- C:\BOOT.INI
2010-01-27 16:54:36 ----A---- C:\WINDOWS\WIN.INI
2010-01-27 16:54:30 ----D---- C:\WINDOWS\pss
2010-01-27 16:53:26 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-27 16:52:19 ----HD---- C:\WINDOWS\INF
2010-01-26 20:35:22 ----SHD---- C:\WINDOWS\Installer
2010-01-26 20:17:25 ----D---- C:\WINDOWS\system32\CONFIG
2010-01-26 20:16:48 ----RD---- C:\Program Files
2010-01-26 20:09:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-26 20:08:51 ----D---- C:\WINDOWS\Prefetch
2010-01-24 07:41:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-24 07:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2010-01-24 07:23:01 ----D---- C:\Temp
2010-01-15 23:48:41 ----D---- C:\WINDOWS\WinSxS
2010-01-15 23:42:36 ----SD---- C:\Documents and Settings\Cecilia\Application Data\Microsoft
2010-01-15 22:52:35 ----D---- C:\Documents and Settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-15 19:06:32 ----D---- C:\Documents and Settings\Cecilia\Application Data\Adobe
2010-01-01 19:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-01-01 19:07:01 ----D---- C:\I386
2009-12-30 21:57:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-29 11:15:11 ----D---- C:\WINDOWS\Help
2009-12-29 11:11:16 ----D---- C:\WINDOWS\Media
2009-12-28 12:06:10 ----D---- C:\WINDOWS\system32\WBEM
2009-12-28 11:43:37 ----D---- C:\Program Files\Outlook Express
2009-12-28 11:42:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-28 11:07:45 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-28 09:12:44 ----SHD---- C:\System Volume Information
2009-12-28 09:12:44 ----D---- C:\WINDOWS\system32\restore
2009-12-28 07:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-12-28 00:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2009-12-27 23:55:14 ----D---- C:\WINDOWS\SECURITY
2009-12-27 23:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-12-26 14:29:21 ----D---- C:\WINDOWS\Debug
2009-12-26 13:14:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 10:18:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-26 10:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-03 13:33:19 ----A---- C:\WINDOWS\dellstat.ini
2009-12-02 12:33:50 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2004-08-09 83325]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-02-06 8552]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-06-17 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 182768]
S3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-01 1181328]
S4 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
S4 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2004-08-26 122880]
S4 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2004-08-22 577536]

-----------------EOF-----------------

#14 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 28 January 2010 - 12:57 PM

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\EarthLink TotalAccess\TaskPanl.exe
c:\program files\DellSupport\DSAgnt.exe
c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
c:\progra~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\agent\McUpdate.exe
c:\progra~1\McAfee.com\Agent\McAgent.exe
c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
c:\program files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\program files\Dell\Media Experience\PCMService.exe
c:\dell\PreODM.EXE
c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\igfxpers.exe
c:\windows\system32\hkcmd.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OSCD_Creator"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
AtJob::
RenV::
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\EarthLink TotalAccess\taskpanl .exe
c:\program files\DellSupport\dsagnt .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\program files\McAfee.com\Personal Firewall\mpftray .exe
c:\program files\McAfee.com\Agent\mcupdate .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\Java\jre1.6.0_07\bin\jusched .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\Real\RealPlayer\realplay .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
c:\windows\SYSTEM32\igfxtray .exe
c:\windows\SYSTEM32\igfxpers .exe
c:\windows\SYSTEM32\hkcmd .exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr .exe
c:\program files\Adobe\acrotray .exe


Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Posted Image
If I have helped you, and you would like to make a donation to me, click here

#15 User is offline   crumpms 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 16-January 10

Posted 28 January 2010 - 08:43 PM

Hi syler, how was your day?

Here's the ComboFix log file.

Mike

******************************************************************************
******************************************************************************

ComboFix 10-01-26.02 - Cecilia 01/28/2010 16:47:10.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.165 [GMT -6:00]
Running from: c:\documents and settings\Cecilia\Desktop\ComboFix.exe
Command switches used :: e:\bleeping computer\1_28\CFScript.txt
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\dell\PreODM.EXE"
"c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"
"c:\progra~1\McAfee.com\Agent\McAgent.exe"
"c:\progra~1\mcafee.com\agent\McUpdate.exe"
"c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe"
"c:\progra~1\mcafee.com\vso\mcmnhdlr.exe"
"c:\progra~1\mcafee.com\vso\mcvsshld.exe"
"c:\program files\Analog Devices\Core\smax4pnp.exe"
"c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
"c:\program files\Dell\Media Experience\PCMService.exe"
"c:\program files\DellSupport\DSAgnt.exe"
"c:\program files\EarthLink TotalAccess\TaskPanl.exe"
"c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"c:\program files\Messenger\msmsgs.exe"
"c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
"c:\program files\Real\RealPlayer\RealPlay.exe"
"c:\windows\system32\hkcmd.exe"
"c:\windows\system32\igfxpers.exe"
"c:\windows\system32\igfxtray.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dell\PreODM.EXE
c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
c:\progra~1\McAfee.com\Agent\McAgent.exe
c:\progra~1\mcafee.com\agent\McUpdate.exe
c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
c:\progra~1\mcafee.com\vso\mcvsshld.exe
c:\program files\adobe\acrotray.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
c:\program files\Dell\Media Experience\PCMService.exe
c:\program files\DellSupport\DSAgnt.exe
c:\program files\EarthLink TotalAccess\TaskPanl.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\windows\system32\igfxtray.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-26 02:35 . 2010-01-26 02:35 -------- d-----w- C:\_OTM
2010-01-26 02:28 . 2010-01-26 02:29 -------- d-----w- c:\program files\ERUNT
2010-01-24 18:32 . 2010-01-24 18:32 4232816 ----a-w- c:\temp\mbam-rules.exe
2010-01-24 18:27 . 2010-01-25 04:22 -------- d-----w- C:\rsit
2010-01-24 13:23 . 2010-01-24 13:18 293376 ----a-w- c:\temp\bhsegjts.exe
2010-01-16 14:36 . 2010-01-16 14:37 -------- d-----w- c:\windows\ERUNT
2010-01-16 05:16 . 2010-01-16 05:16 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Sophos
2010-01-16 04:53 . 2010-01-16 05:46 -------- d-----w- c:\documents and settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Adobe
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Application Data\AdobeUM
2010-01-16 01:03 . 2010-01-16 01:03 -------- d-----w- c:\documents and settings\Cecilia\Application Data\Malwarebytes
2010-01-02 04:13 . 2010-01-16 01:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ixrhdn
2010-01-02 03:15 . 2010-01-02 03:15 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-02 03:15 . 2010-01-02 03:15 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-02 03:15 . 2010-01-02 03:15 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-02 03:15 . 2010-01-02 03:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-02 03:15 . 2010-01-02 03:15 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-02 03:15 . 2010-01-02 03:15 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-02 03:12 . 2010-01-16 02:00 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-02 03:12 . 2010-01-02 03:12 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-02 03:12 . 2010-01-02 03:12 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-02 03:11 . 2010-01-02 03:12 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-02 03:11 . 2010-01-02 03:11 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-02 03:11 . 2010-01-02 03:11 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-02 03:11 . 2010-01-02 03:11 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-02 02:04 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 02:04 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 02:02 . 2010-01-02 02:02 -------- d-----w- c:\program files\Lavasoft
2010-01-02 00:11 . 2010-01-16 01:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 21:03 . 2009-12-01 16:53 670072 ----a-w- c:\temp\autoruns.exe
2010-01-01 21:03 . 2009-12-01 16:53 559992 ----a-w- c:\temp\autorunsc.exe
2009-12-31 03:54 . 2009-12-31 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-31 03:53 . 2009-12-31 03:38 8043648 ----a-w- c:\temp\is360setup130.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 22:52 . 2007-07-16 21:04 -------- d-----w- c:\program files\DellSupport
2010-01-28 22:52 . 2005-02-21 02:05 -------- d-----w- c:\program files\Dell Photo AIO Printer 922
2010-01-28 22:52 . 2005-02-17 23:03 -------- d-----w- c:\program files\EarthLink TotalAccess
2010-01-27 23:07 . 2009-12-28 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 04:52 . 2006-03-09 20:33 -------- d-----w- c:\documents and settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-07 22:07 . 2009-12-28 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-28 04:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 02:02 . 2009-12-26 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-29 16:42 . 2009-12-29 16:42 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 16:42 . 2009-12-29 15:30 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-29 16:37 . 2009-12-29 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 15:29 . 2009-12-29 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-29 04:28 . 2009-12-29 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-12-29 00:28 . 2009-12-29 00:28 52224 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 00:28 . 2009-12-28 20:59 117760 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2009-12-28 04:55 . 2009-12-28 04:55 -------- d-----w- c:\program files\Trend Micro
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 16:18 . 2006-09-22 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 16:12 . 2006-09-22 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 15:47 . 2006-09-22 20:18 -------- d-----w- c:\documents and settings\Keith\Application Data\Lavasoft
2009-12-26 04:02 . 2007-11-13 21:46 325822 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\transferagent.exe
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-16 22:08 . 2009-12-16 22:08 -------- d-----w- c:\documents and settings\Keith\Application Data\Viewpoint
2009-12-11 13:41 . 2009-12-11 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-11-21 16:36 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
.
CODE
<pre>
c:\program files\Adobe\acrotray .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr .exe
c:\program files\DellSupport\dsagnt .exe
c:\program files\EarthLink TotalAccess\taskpanl .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Java\jre1.6.0_07\bin\jusched .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\mcupdate .exe
c:\program files\McAfee.com\Personal Firewall\mpftray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
c:\program files\Real\RealPlayer\realplay .exe
c:\windows\SYSTEM32\hkcmd .exe
c:\windows\SYSTEM32\igfxpers .exe
c:\windows\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [N/A]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [N/A]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [N/A]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [N/A]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [N/A]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [N/A]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [N/A]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [N/A]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [N/A]
"OSCD_Creator"="c:\dell\PreODM.EXE" [N/A]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [N/A]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [N/A]
"igfxtray"="c:\windows\system32\igfxtray.exe" [N/A]
"igfxpers"="c:\windows\system32\igfxpers.exe" [N/A]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [N/A]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Darlene\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\Cecilia\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-2-6 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-6 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-17 21:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/1/2010 8:04 PM 64288]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2/6/2005 12:38 AM 23296]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 16:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-01-28 16:56:10
ComboFix-quarantined-files.txt 2010-01-28 22:56
ComboFix2.txt 2010-01-27 23:14
ComboFix3.txt 2010-01-27 02:26

Pre-Run: 59,494,178,816 bytes free
Post-Run: 59,457,048,576 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5F7809B6FF5B7BA684BC8BF20A12E55B

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users