
zesedovi.dll- file not found


  • This topic is locked
14 replies to this topic

#1 PaddyAW

PaddyAW

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 12 November 2009 - 09:19 PM

Whenever I start my computer I get a message saying:

Error Loading: c\windows\system32\zesedovi.dll
The specified module could not be found.

While I'm glad that couldn't be found [after a quick search for that file name] I'd like to know why it's being called for at all and/or what's calling for it. Malwarebytes is not picking anything up.

Here are the requested log & attachments:


DDS (Ver_09-10-26.01) - NTFSx86
Run by PAW at 18:01:33.20 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2290 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\apple\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MozillaFirefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\PAW\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] "c:\program files\intel\intel application accelerator\iaanotif.exe"
mRun: [IntelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTSysVol] "c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe" /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [UpdReg] "c:\windows\UpdReg.EXE"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CloneCDElbyCDFL] "c:\program files\clonecd\ElbyCheck.exe" /L ElbyCDFL
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Start WingMan Profiler] "c:\program files\logitech\gaming software\LWEMon.exe" /noui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\apple\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [CTHelper] "c:\windows\system32\CTHELPER.EXE"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [pejumuhan] "Rundll32.exe" "c:\windows\system32\zesedovi.dll",a
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\perstray.lnk - c:\program files\persono\perstray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232322149671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: xxyvwttQ - xxyvwttQ.dll
AppInit_DLLs: umnoos.dll suzszv.dll bollri.dll c:\windows\system32\vihateto.dll c:\windows\system32\zesedovi.dll,vabuwida.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: barukidok - {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SSODL: jijoyazoy - {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
STS: tokatiluy: {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
STS: gahurihor: {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
LSA: Notification Packages = scecli vebojefa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paw\applic~1\mozilla\firefox\profiles\uzjxjvo8.paddyaw\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://uversetv.att.yahoo.com/wra/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\apple\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\mozillafirefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\netscape4\program\plugins\np32dsw.dll
FF - plugin: c:\program files\netscape4\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape4\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape4\program\plugins\npbeatnk.dll
FF - plugin: c:\program files\netscape4\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape4\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape4\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\netscape4\program\plugins\npswf32.dll
FF - plugin: c:\program files\netscape4\program\plugins\npwmsdrm.dll
FF - HiddenExtension: XUL Cache: {B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484} - c:\documents and settings\paw\local settings\application data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozillafirefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-8 210216]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2004-11-20 21276]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-1-18 1205760]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 ntmtlfaxx;ntmtlfaxx;c:\windows\system32\drivers\ntmtlfaxx.sys --> c:\windows\system32\drivers\ntmtlfaxx.sys [?]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\paw\locals~1\temp\cdrmkaun.sys --> c:\docume~1\paw\locals~1\temp\cdrmkaun.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-31 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2005-2-27 30920]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-9-12 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-9-12 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-9-12 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-9-12 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-9-12 98568]
S3 TM0004RW;TM0004RW;c:\windows\system32\drivers\tmhidf.sys --> c:\windows\system32\drivers\TMHIDF.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-7-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-7-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-7-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-7-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-7-26 82864]

=============== Created Last 30 ================

2009-11-08 23:09:37 8085 ----a-w- c:\windows\system32\Config.MPF
2009-11-08 23:07:50 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-08 23:07:50 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-08 23:07:50 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-08 23:07:48 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-08 23:07:25 0 d-----w- c:\program files\common files\McAfee
2009-11-08 23:07:24 0 d-----w- c:\program files\McAfee.com
2009-11-08 23:07:17 0 d-----w- c:\program files\McAfee
2009-11-08 23:05:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-08 22:55:31 0 d-----w- c:\windows\ie8updates
2009-11-08 22:54:51 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 22:54:51 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 21:46:09 0 d-sh--w- c:\documents and settings\paw\IECompatCache
2009-11-08 21:44:12 0 d-sh--w- c:\documents and settings\paw\PrivacIE
2009-11-08 21:42:49 0 d-sh--w- c:\documents and settings\paw\IETldCache
2009-11-08 21:40:58 0 dc-h--w- c:\windows\ie8
2009-11-08 20:52:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 20:52:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:23:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-08 16:45:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 15:42:18 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 20:02:45 26576 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 23:57:03 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-11-04 23:57:03 1080 ----a-w- c:\windows\system32\settings.sfm
2009-11-04 23:56:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-31 22:25:22 11564 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2009-10-31 22:25:15 4933506 ----a-w- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2009-10-31 22:23:47 0 d-----w- c:\program files\common files\Creative Labs Shared
2009-10-31 22:23:23 4933506 ----a-w- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2009-10-31 22:23:17 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-10-31 22:23:17 32088 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2009-10-23 00:17:59 164 ----a-w- c:\windows\install.dat
2009-10-19 19:05:40 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2009-10-19 02:02:59 0 d-----w- c:\windows\system32\XPSViewer
2009-10-19 02:02:33 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 02:02:33 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 02:02:33 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 02:02:33 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 02:02:33 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 02:02:33 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 02:02:33 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-18 22:00:05 0 d-----w- c:\program files\EQ2MAP Updater

==================== Find3M ====================

2009-10-31 22:23:16 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 22:23:16 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-16 16:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 08:08:18 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 08:08:18 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:18 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 08:08:17 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:16 11069440 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 08:08:13 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 07:36:24 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

============= FINISH: 18:02:08.39 ===============

Attached Files
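The question above is what is still "calling for" zesedovi.dll. The Pseudo HJT Report in the log already contains the answer: every load point DDS prints (mRun, AppInit_DLLs, SSODL, STS, Notify, LSA Notification Packages) is one place Windows will try to load the named module from. The script below is an added example for this thread, not part of DDS or of the original posts: it parses those report lines, indexes them by module name so a given DLL can be traced back to each hook that references it, and lists modules wired into more than one load-point type, which is a useful triage heuristic. The sample lines are a constructed subset copied from the first log above; the function names are my own.

```python
"""Index the load points in a DDS "Pseudo HJT Report" by the module they reference.

Added example for this thread; not part of DDS or of the original posts.
Function names are my own.  The sample below is a constructed subset of the
report lines from the first log in the thread.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: a subset of the Pseudo HJT Report lines quoted above.
SAMPLE_REPORT = r"""
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [pejumuhan] "Rundll32.exe" "c:\windows\system32\zesedovi.dll",a
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
Notify: xxyvwttQ - xxyvwttQ.dll
AppInit_DLLs: umnoos.dll suzszv.dll bollri.dll c:\windows\system32\vihateto.dll c:\windows\system32\zesedovi.dll,vabuwida.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: barukidok - {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SSODL: jijoyazoy - {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
STS: tokatiluy: {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
STS: gahurihor: {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
LSA: Notification Packages = scecli vebojefa.dll
"""

# DDS line prefixes for load points that can pull a DLL or EXE in at boot/logon.
LOAD_POINT_KEYS = {"uRun", "mRun", "Notify", "AppInit_DLLs", "SSODL", "STS", "LSA"}

# A file name ending in .dll/.exe/.sys; whitespace, quotes and commas end a token.
# A quoted path containing spaces is cut to its tail, which is harmless because
# only the basename is compared.
MODULE_RE = re.compile(r'[^\s",]+\.(?:dll|exe|sys)\b', re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name without its directory."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_report(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, entry name, value) for every load-point line in the report."""
    rows = []
    for line in text.splitlines():
        key, sep, rest = line.partition(": ")
        if not sep or key not in LOAD_POINT_KEYS:
            continue
        name, rest = "", rest.strip()
        if key in ("uRun", "mRun") and rest.startswith("["):
            name, _, rest = rest[1:].partition("] ")           # "[pejumuhan] ..."
        elif key in ("Notify", "SSODL", "STS"):
            m = re.match(r"([^\s:\-]+)\s*[:\-]\s*(.*)", rest)  # "jijoyazoy - ..." / "gahurihor: ..."
            if m:
                name, rest = m.group(1), m.group(2)
        elif key == "LSA":
            name, _, rest = rest.partition(" = ")               # "Notification Packages = ..."
        rows.append((key, name, rest))
    return rows


def load_points_by_module(text: str) -> Dict[str, List[str]]:
    """Map each referenced module basename to the load points that reference it."""
    index: Dict[str, List[str]] = defaultdict(list)
    for key, name, value in parse_report(text):
        label = f"{key} [{name}]" if name else key
        for mod in MODULE_RE.findall(value):
            index[basename(mod)].append(label)
    return dict(index)


def load_points_for(text: str, module: str) -> List[str]:
    """Answer 'what is calling for this file?' for one module (full path or bare name)."""
    return load_points_by_module(text).get(basename(module), [])


def multi_hooked_modules(text: str, min_kinds: int = 2) -> List[str]:
    """Modules registered under at least `min_kinds` different load-point types.

    Heuristic: legitimate software rarely wires one DLL into several hooks, so
    these are the entries to look at first when triaging a report."""
    index = load_points_by_module(text)
    return sorted(m for m, pts in index.items()
                  if len({p.split(" ", 1)[0] for p in pts}) >= min_kinds)


if __name__ == "__main__":
    for point in load_points_for(SAMPLE_REPORT, r"c:\windows\system32\zesedovi.dll"):
        print("zesedovi.dll is referenced by:", point)
    print("multi-hooked modules:", multi_hooked_modules(SAMPLE_REPORT))
```

Run against the sample, the script reports zesedovi.dll under the mRun entry "pejumuhan", under AppInit_DLLs, and under the SSODL and STS entries, which is exactly why the "module could not be found" dialog appears at every logon after the file itself was removed: the registry references outlived the DLL. The same index shows vihateto.dll in three hook types, so the remaining entries belong to the same cleanup rather than a separate problem.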





#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:07:49 AM

Posted 20 November 2009 - 10:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 PaddyAW

PaddyAW
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 20 November 2009 - 08:44 PM

All the gory details.

A few weeks ago the sound volume on this computer started acting weird. It'd be unusually loud even with the speakers at their lowest possible volume. This was the first hint. About two weeks ago I got a couple of odd popups. When I tried to run Malwarebytes it told me malwarebytes.exe could not be found. Downloaded, installed, ran and uninstalled some malware/av programs... SpyBot, AdAware, SpySweeper. That seemed to help a little. Did a few searches and eventually MalwareBytes ran and cleaned up a couple more things. Upon rebooting the machine the following error message popped up:

Error Loading: c\windows\system32\zesedovi.dll
The specified module could not be found.

This message appears every time I start the computer now. I think it's a good thing that that file is missing, but I'd like to be sure.
Here is the latest DDS log. The DDS Attach is zipped and attached.

Thanks much for your time and assistance.



DDS (Ver_09-10-26.01) - NTFSx86
Run by PAW at 18:26:58.51 on Fri 11/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2427 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\apple\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PerSono\perstray.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\PAW\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] "c:\program files\intel\intel application accelerator\iaanotif.exe"
mRun: [IntelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTSysVol] "c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe" /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [UpdReg] "c:\windows\UpdReg.EXE"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CloneCDElbyCDFL] "c:\program files\clonecd\ElbyCheck.exe" /L ElbyCDFL
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Start WingMan Profiler] "c:\program files\logitech\gaming software\LWEMon.exe" /noui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [CTHelper] "c:\windows\system32\CTHELPER.EXE"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [pejumuhan] "Rundll32.exe" "c:\windows\system32\zesedovi.dll",a
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "c:\program files\apple\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\perstray.lnk - c:\program files\persono\perstray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232322149671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: xxyvwttQ - xxyvwttQ.dll
AppInit_DLLs: umnoos.dll suzszv.dll bollri.dll c:\windows\system32\vihateto.dll c:\windows\system32\zesedovi.dll,vabuwida.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: barukidok - {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SSODL: jijoyazoy - {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
STS: tokatiluy: {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
STS: gahurihor: {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
LSA: Notification Packages = scecli vebojefa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paw\applic~1\mozilla\firefox\profiles\uzjxjvo8.paddyaw\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://uversetv.att.yahoo.com/wra/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\apple\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\mozillafirefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\netscape4\program\plugins\np32dsw.dll
FF - plugin: c:\program files\netscape4\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape4\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape4\program\plugins\npbeatnk.dll
FF - plugin: c:\program files\netscape4\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape4\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape4\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\netscape4\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\netscape4\program\plugins\npswf32.dll
FF - plugin: c:\program files\netscape4\program\plugins\npwmsdrm.dll
FF - HiddenExtension: XUL Cache: {B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484} - c:\documents and settings\paw\local settings\application data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozillafirefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozillafirefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-8 210216]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2004-11-20 21276]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-1-18 1205760]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 ntmtlfaxx;ntmtlfaxx;c:\windows\system32\drivers\ntmtlfaxx.sys --> c:\windows\system32\drivers\ntmtlfaxx.sys [?]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\paw\locals~1\temp\cdrmkaun.sys --> c:\docume~1\paw\locals~1\temp\cdrmkaun.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-31 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2005-2-27 30920]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-9-12 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-9-12 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-9-12 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-9-12 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-9-12 98568]
S3 TM0004RW;TM0004RW;c:\windows\system32\drivers\tmhidf.sys --> c:\windows\system32\drivers\TMHIDF.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2005-7-26 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2005-7-26 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2005-7-26 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2005-7-26 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2005-7-26 82864]

=============== Created Last 30 ================

2009-11-14 15:25:14 0 d-----w- c:\program files\iPod
2009-11-08 23:09:37 11123 ----a-w- c:\windows\system32\Config.MPF
2009-11-08 23:07:50 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-08 23:07:50 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-08 23:07:50 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-08 23:07:48 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-08 23:07:25 0 d-----w- c:\program files\common files\McAfee
2009-11-08 23:07:24 0 d-----w- c:\program files\McAfee.com
2009-11-08 23:07:17 0 d-----w- c:\program files\McAfee
2009-11-08 23:05:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-08 22:55:31 0 d-----w- c:\windows\ie8updates
2009-11-08 22:54:51 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 22:54:51 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 21:46:09 0 d-sh--w- c:\documents and settings\paw\IECompatCache
2009-11-08 21:44:12 0 d-sh--w- c:\documents and settings\paw\PrivacIE
2009-11-08 21:42:49 0 d-sh--w- c:\documents and settings\paw\IETldCache
2009-11-08 21:40:58 0 dc-h--w- c:\windows\ie8
2009-11-08 20:52:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 20:52:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:23:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-08 16:45:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 15:42:18 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 20:02:45 26576 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 23:57:03 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-11-04 23:57:03 1080 ----a-w- c:\windows\system32\settings.sfm
2009-11-04 23:56:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-31 22:25:22 11564 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2009-10-31 22:25:15 4933758 ----a-w- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2009-10-31 22:23:47 0 d-----w- c:\program files\common files\Creative Labs Shared
2009-10-31 22:23:23 4933758 ----a-w- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2009-10-31 22:23:17 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-10-31 22:23:17 32088 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2009-10-23 00:17:59 164 ----a-w- c:\windows\install.dat

==================== Find3M ====================

2009-10-31 22:23:16 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 22:23:16 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 08:08:18 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 08:08:18 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:18 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 08:08:17 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:16 11069440 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 08:08:13 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 07:36:24 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

============= FINISH: 18:27:25.35 ===============

Attached Files
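
The DDS autostart lines above answer the "what's calling for it" question: zesedovi.dll is registered in four separate autostart locations (a Run key entry via Rundll32, AppInit_DLLs, a ShellServiceObjectDelayLoad entry and a SharedTaskScheduler entry), which is why the error returns on every boot even though Malwarebytes finds nothing. The Python below is an added example, not part of this thread or of the DDS tool: it parses a constructed subset of the autostart lines from the log above and correlates each DLL with every location that references it; SENSITIVE_LOCATIONS and KNOWN_GOOD are assumptions made for the example.

```python
import re
from collections import defaultdict

# Lines copied from the DDS log posted above (a constructed subset, not the
# full log). DDS prefixes each line with the autostart location it came from.
SAMPLE_DDS_LINES = r"""
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [pejumuhan] "Rundll32.exe" "c:\windows\system32\zesedovi.dll",a
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
Notify: xxyvwttQ - xxyvwttQ.dll
AppInit_DLLs: umnoos.dll suzszv.dll bollri.dll c:\windows\system32\vihateto.dll c:\windows\system32\zesedovi.dll,vabuwida.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: barukidok - {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SSODL: jijoyazoy - {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
STS: tokatiluy: {3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
STS: gahurihor: {4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
LSA: Notification Packages = scecli vebojefa.dll
"""

# Autostart locations that ordinary applications almost never use (assumption
# for this example): a DLL that turns up in one of these deserves a look even
# if it appears nowhere else.
SENSITIVE_LOCATIONS = {"AppInit_DLLs", "SSODL", "STS", "Notify", "LSA"}

# Windows components that legitimately live in those locations on this XP box.
# A tiny constructed baseline for the example; real triage keeps a vetted list.
KNOWN_GOOD = {"wpdshserviceobj.dll"}

# A DLL reference is any run of non-space, non-quote, non-comma characters
# ending in ".dll". Bare package names without an extension (scecli) are not
# captured.
DLL_RE = re.compile(r'[^\s",]+\.dll', re.IGNORECASE)


def parse_autostarts(text):
    """Map each DLL basename (lowercased) to the set of DDS locations naming it."""
    refs = defaultdict(set)
    for line in text.splitlines():
        if ":" not in line:
            continue
        location, _, rest = line.partition(":")
        for match in DLL_RE.findall(rest):
            # Key on the basename: the same file is written with and without
            # its directory across locations (see the AppInit_DLLs line).
            basename = match.rsplit("\\", 1)[-1].lower()
            refs[basename].add(location.strip())
    return dict(refs)


def loaders_of(text, dll_name):
    """Return, sorted, the autostart locations that load dll_name."""
    return sorted(parse_autostarts(text).get(dll_name.lower(), set()))


def triage(text):
    """Flag DLLs referenced from a sensitive location or from two or more locations.

    Returns a list of (basename, sorted locations), most-referenced first, so
    the file with the most persistence hooks lands at the top.
    """
    flagged = []
    for basename, locations in parse_autostarts(text).items():
        if basename in KNOWN_GOOD:
            continue
        if len(locations) >= 2 or locations & SENSITIVE_LOCATIONS:
            flagged.append((basename, sorted(locations)))
    flagged.sort(key=lambda item: (-len(item[1]), item[0]))
    return flagged


if __name__ == "__main__":
    hooks = loaders_of(SAMPLE_DDS_LINES, "zesedovi.dll")
    print("zesedovi.dll is loaded from:", ", ".join(hooks))
    for basename, locations in triage(SAMPLE_DDS_LINES):
        print(f"{basename:20} {', '.join(locations)}")
```

Every flagged basename still has to be checked by hand; the point of the correlation is that removing only the Run key entry would leave three other hooks in place.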



#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 21 November 2009 - 10:01 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.


Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 PaddyAW

PaddyAW
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 21 November 2009 - 12:16 PM

Hi T.

I do appreciate and thank you for your time and talents. Hopefully this will be easy but not so easy it's a waste of your time and talents. |;>

RKill ran on the first shot no problems.

ComboFix, as thcbytes.exe, ran and installed the Windows Recovery Console. It rebooted the computer and the same File Not Found message popped up about the zesedovi.dll.

Shortly after rebooting I got another window stating:

Exception processing message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
Cancel Try Again Continue

I chose Continue and it seemed to finish properly [a guess since I've never used combofix before.]

Thanks again for your help.

Here is the ComboFix Log:




ComboFix 09-11-20.05 - PAW 11/21/2009 10:11.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2270 [GMT -6:00]
Running from: c:\documents and settings\PAW\Desktop\thcbytes.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PAW\Local Settings\Application Data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}
c:\documents and settings\PAW\Local Settings\Application Data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}\chrome.manifest
c:\documents and settings\PAW\Local Settings\Application Data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}\chrome\content\_cfg.js
c:\documents and settings\PAW\Local Settings\Application Data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}\chrome\content\c.js
c:\documents and settings\PAW\Local Settings\Application Data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}\chrome\content\overlay.xul
c:\documents and settings\PAW\Local Settings\Application Data\{B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}\install.rdf
c:\documents and settings\PAW\Local Settings\Temporary Internet Files\fbk.sts
c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\dinerdash.exe
c:\windows\system32\test.ttt
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_uacFlt
-------\Service_uacFlt


((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 15:58 . 2009-11-21 15:58 -------- d--h--w- c:\windows\PIF
2009-11-14 15:26 . 2009-11-14 15:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-14 15:25 . 2009-11-14 15:25 -------- d-----w- c:\program files\iPod
2009-11-14 15:20 . 2009-11-14 15:20 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-08 23:09 . 2009-11-08 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-08 23:07 . 2009-09-16 16:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-08 23:07 . 2009-09-16 16:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-08 23:07 . 2009-09-16 16:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-08 23:07 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-08 23:07 . 2009-11-08 23:07 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-08 23:07 . 2009-11-08 23:07 -------- d-----w- c:\program files\McAfee.com
2009-11-08 23:07 . 2009-11-19 18:57 -------- d-----w- c:\program files\McAfee
2009-11-08 23:05 . 2009-09-16 16:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-08 22:58 . 2009-11-09 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-08 22:55 . 2009-11-08 22:55 -------- d-----w- c:\windows\ie8updates
2009-11-08 22:54 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 22:54 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 21:46 . 2009-11-08 21:46 -------- d-sh--w- c:\documents and settings\PAW\IECompatCache
2009-11-08 21:44 . 2009-11-08 21:44 -------- d-sh--w- c:\documents and settings\PAW\PrivacIE
2009-11-08 21:42 . 2009-11-08 21:42 -------- d-sh--w- c:\documents and settings\PAW\IETldCache
2009-11-08 21:42 . 2009-11-08 21:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-08 21:40 . 2009-11-08 21:41 -------- dc-h--w- c:\windows\ie8
2009-11-08 20:53 . 2009-11-08 20:53 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-08 20:52 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 20:52 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:23 . 2009-11-08 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 16:45 . 2009-11-08 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 15:42 . 2009-11-08 15:42 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 20:02 . 2009-11-05 20:02 26576 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 23:55 . 2009-11-04 23:55 152576 ----a-w- c:\documents and settings\PAW\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 22:23 . 2009-10-31 22:23 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-10-31 22:23 . 2009-10-31 22:23 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-10-23 00:17 . 2009-10-23 00:18 164 ----a-w- c:\windows\install.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 12:29 . 2008-03-12 18:31 -------- d-----w- c:\program files\MozillaFirefox
2009-11-14 15:29 . 2009-09-12 16:09 -------- d-----w- c:\program files\Safari
2009-11-14 15:25 . 2009-07-18 16:34 -------- d-----w- c:\program files\Common Files\Apple
2009-11-08 20:15 . 2009-01-18 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-08 17:01 . 2009-01-18 23:53 -------- d-----w- c:\program files\Trend Micro
2009-11-05 20:02 . 2007-12-25 21:50 -------- d-----w- c:\documents and settings\PAW\Application Data\Apple Computer
2009-11-04 23:55 . 2004-11-17 00:45 -------- d-----w- c:\program files\Java
2009-10-31 22:23 . 2004-11-17 00:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 22:23 . 2004-11-17 00:47 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-10-31 22:23 . 2009-01-15 02:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 22:23 . 2004-11-17 00:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-31 22:23 . 2004-11-19 22:35 -------- d-----w- c:\documents and settings\PAW\Application Data\Creative
2009-10-23 01:31 . 2004-11-20 00:14 31952 ----a-w- c:\documents and settings\PAW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-19 02:02 . 2009-10-19 02:02 -------- d-----w- c:\program files\MSBuild
2009-10-19 02:02 . 2009-10-19 02:02 -------- d-----w- c:\program files\Reference Assemblies
2009-10-18 22:01 . 2009-10-18 22:00 -------- d-----w- c:\program files\EQ2MAP Updater
2009-10-11 10:17 . 2008-12-17 21:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-16 16:22 . 2009-09-16 16:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-07-18 16:35 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-07-18 16:35 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2004-08-04 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 20:34 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2005-03-15 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"CloneCDElbyCDFL"="c:\program files\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"nwiz"="c:\windows\system32\nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2009-06-23 19456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\apple\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Perstray.lnk - c:\program files\PerSono\perstray.exe [2004-11-20 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\NR2003\\NR2003.exe"=
"c:\\Program Files\\Sony\\EQ2_00\\EQ2.exe"=
"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"c:\\Program Files\\Madden2007\\Updater.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Sony\\EQ2_00\\EverQuest2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\EQ2_00\\EQ2VoiceService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\DDO Unlimited\\dndclient.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Netscape\\Navigator 9\\navigator.exe"=
"c:\\Program Files\\MozillaFirefox\\firefox.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\apple\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57683:TCP"= 57683:TCP:Pando Media Booster
"57683:UDP"= 57683:UDP:Pando Media Booster

R0 ElbyVCD;ElbyVCD;c:\windows\SYSTEM32\DRIVERS\ElbyVCD.sys [11/28/2002 4:43 AM 22016]
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [11/12/2008 4:02 PM 29808]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/8/2009 5:09 PM 210216]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [1/18/2009 3:14 PM 1205760]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 12:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 ntmtlfaxx;ntmtlfaxx;c:\windows\system32\drivers\ntmtlfaxx.sys --> c:\windows\system32\drivers\ntmtlfaxx.sys [?]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\PAW\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\PAW\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 12:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/31/2009 4:23 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\SYSTEM32\DRIVERS\imhidusb.sys [2/27/2005 12:06 PM 30920]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\SYSTEM32\DRIVERS\s115bus.sys [9/12/2007 8:04 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\s115mdfl.sys [9/12/2007 8:05 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\SYSTEM32\DRIVERS\s115mdm.sys [9/12/2007 8:05 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\s115mgmt.sys [9/12/2007 8:05 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\SYSTEM32\DRIVERS\s115obex.sys [9/12/2007 8:05 PM 98568]
S3 TM0004RW;TM0004RW;c:\windows\system32\DRIVERS\TMHIDF.sys --> c:\windows\system32\DRIVERS\TMHIDF.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\SYSTEM32\DRIVERS\z520bus.sys [7/26/2005 10:13 AM 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\z520mdfl.sys [7/26/2005 10:15 AM 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\SYSTEM32\DRIVERS\z520mdm.sys [7/26/2005 10:15 AM 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\SYSTEM32\DRIVERS\z520mgmt.sys [7/26/2005 10:16 AM 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\SYSTEM32\DRIVERS\z520obex.sys [7/26/2005 10:18 AM 82864]
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-08 18:22]

2009-11-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-08 18:22]

2009-11-16 c:\windows\Tasks\wrSpySweeper_LD5C1C151D35F42F8A5C1998673BEF1CF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-01-18 20:40]

2009-11-16 c:\windows\Tasks\wrSpySweeper_LD5C1C151D35F42F8A5C1998673BEF1CF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-01-18 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\PAW\Application Data\Mozilla\Firefox\Profiles\uzjxjvo8.paddyaw\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://uversetv.att.yahoo.com/wra/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\apple\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\MozillaFirefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npbeatnk.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npswf32.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\MozillaFirefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-pejumuhan - c:\windows\system32\zesedovi.dll
HKLM-Run-CTXFIREG - CTxfiReg.exe
SharedTaskScheduler-{3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SharedTaskScheduler-{4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
SSODL-barukidok-{3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SSODL-jijoyazoy-{4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
Notify-xxyvwttQ - xxyvwttQ.dll
SafeBoot-svcWRSSSDK



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 10:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_06f8&Pid_0004\6&2aa0a447&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-21 10:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 16:34

Pre-Run: 7,223,185,408 bytes free
Post-Run: 7,461,605,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8D62B3707E0567BEA5E0E6A5145F349A
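
The ORPHANS REMOVED block in the log above is where the thread's original question gets answered: several autostart entries (a Run value, a SharedTaskScheduler object and an SSODL object) still named zesedovi.dll after the file itself was gone, so something kept asking for it at every logon. As an added example that is not part of this thread and not ComboFix's own code, here is a small Python parser that pulls that block out of a ComboFix log and reports, per missing file, which loading points referenced it; the section and entry layout is assumed from the log shown here, and the descriptions of what each ComboFix prefix denotes are my assumptions.

```python
import re
from collections import defaultdict

# Sample input constructed from the ORPHANS REMOVED entries in the log above,
# followed by the asterisk separator that ends that section in a real log.
SAMPLE_LOG = r"""- - - - ORPHANS REMOVED - - - -

HKLM-Run-pejumuhan - c:\windows\system32\zesedovi.dll
HKLM-Run-CTXFIREG - CTxfiReg.exe
SharedTaskScheduler-{3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SharedTaskScheduler-{4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
SSODL-barukidok-{3af49580-7c26-4db4-82eb-ff89f4878e9d} - c:\windows\system32\vihateto.dll
SSODL-jijoyazoy-{4a977b82-f22f-441c-b62b-3f4b155ee656} - c:\windows\system32\zesedovi.dll
Notify-xxyvwttQ - xxyvwttQ.dll
SafeBoot-svcWRSSSDK



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
"""

ORPHAN_HEADER = re.compile(r"^- - - - ORPHANS REMOVED - - - -\s*$")
# "<loading point> - <target>"; the target part is optional (see SafeBoot-svcWRSSSDK).
ORPHAN_LINE = re.compile(r"^(?P<point>\S+?)(?: - (?P<target>.+))?$")

# Assumed meaning of the ComboFix loading-point prefixes seen in this log.
POINT_KINDS = {
    "HKLM-Run": "HKLM ...\\CurrentVersion\\Run value (run as a command at logon)",
    "HKCU-Run": "HKCU ...\\CurrentVersion\\Run value (run as a command at logon)",
    "SSODL": "ShellServiceObjectDelayLoad COM object (loaded by explorer.exe)",
    "SharedTaskScheduler": "SharedTaskScheduler COM object (loaded by explorer.exe)",
    "Notify": "Winlogon notification package (loaded by winlogon.exe)",
    "SafeBoot": "SafeBoot\\Minimal service entry",
}


def orphan_section(log_text):
    """Yield the non-blank lines between the ORPHANS REMOVED header and the next separator."""
    in_section = False
    for line in log_text.splitlines():
        if ORPHAN_HEADER.match(line):
            in_section = True
            continue
        if in_section:
            # A row of asterisks or another dashed header starts the next section.
            if line.startswith("****") or line.startswith("- - - -") or line.startswith("----"):
                break
            if line.strip():
                yield line.rstrip()


def classify_point(point):
    """Describe the autostart mechanism behind a ComboFix loading-point name."""
    for prefix, kind in POINT_KINDS.items():
        if point == prefix or point.startswith(prefix + "-"):
            return kind
    return "unknown loading point"


def orphans_by_target(log_text):
    """Map each referenced file name (lower-cased) to the loading points that named it."""
    result = defaultdict(list)
    for line in orphan_section(log_text):
        m = ORPHAN_LINE.match(line)
        if not m:
            continue
        target = (m.group("target") or "").strip().lower()
        # Keep only the file name so c:\windows\system32\x.dll and x.dll group together.
        key = target.rsplit("\\", 1)[-1] if target else "(no file)"
        result[key].append(m.group("point"))
    return dict(result)


def summarize(log_text):
    """One line per missing file, most-referenced first, with the mechanisms involved."""
    lines = []
    by_target = orphans_by_target(log_text)
    for target, points in sorted(by_target.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        kinds = sorted({classify_point(p) for p in points})
        lines.append(f"{target}: {len(points)} loading point(s) -> {'; '.join(kinds)}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```

Run against a full ComboFix.txt, the same functions show which of the removed entries were loaded as commands (the ones that produce a visible "module could not be found" dialog) and which were shell or winlogon hooks that fail silently.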

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 AM

Posted 21 November 2009 - 05:56 PM

Very well done! :(
Thanks for the detailed description. It really helps.

I do appreciate and thank you for your time and talents. Hopefully this will be easy but not so easy it's a waste of your time and talents

You're welcome. I do this because I enjoy it and like to help others. :(

:) Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uStart Page = hxxp://www.dell4me.com/myway

RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_06f8&Pid_0004\6&2aa0a447&0&0000\LogConf]

Driver::
cdrmkaun

Rootkit::
c:\docume~1\PAW\LOCALS~1\Temp\cdrmkaun.sys

Firefox::
FF - ProfilePath - c:\documents and settings\PAW\Application Data\Mozilla\Firefox\Profiles\uzjxjvo8.paddyaw\


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
==========

With your next post please provide:

* Combofix.txt
* MBAM log
* ESET log
* How is your computer running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 PaddyAW

PaddyAW
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 21 November 2009 - 08:46 PM

Hiya again.

Between my last post and your last post I did reboot and did *not* get the zesedovi.dll not found message. I'm still not exactly sure why or what was calling for that file, but glad it's gone in any case.

While combofix was running I had to step away for a couple minutes [3 year old daughter, so sometimes that's unavoidable :::chucklin':::] and it was rebooting when I got back. It seems to have run without any problems.

I had just recently re-installed Malwarebytes, so I just made sure it was the latest engine and updated the definitions.

ESET Online Scan detected McAfee even though it's completely shut down.

Logs:
ComboFix



ComboFix 09-11-20.05 - PAW 11/21/2009 17:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2641 [GMT -6:00]
Running from: c:\documents and settings\PAW\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\PAW\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRMKAUN
-------\Service_cdrmkaun


((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 15:58 . 2009-11-21 15:58 -------- d--h--w- c:\windows\PIF
2009-11-14 15:26 . 2009-11-14 15:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-14 15:25 . 2009-11-14 15:25 -------- d-----w- c:\program files\iPod
2009-11-14 15:20 . 2009-11-14 15:20 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-08 23:09 . 2009-11-08 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-08 23:07 . 2009-09-16 16:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-08 23:07 . 2009-09-16 16:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-08 23:07 . 2009-09-16 16:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-08 23:07 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-08 23:07 . 2009-11-08 23:07 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-08 23:07 . 2009-11-08 23:07 -------- d-----w- c:\program files\McAfee.com
2009-11-08 23:07 . 2009-11-19 18:57 -------- d-----w- c:\program files\McAfee
2009-11-08 23:05 . 2009-09-16 16:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-08 22:58 . 2009-11-09 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-08 22:55 . 2009-11-08 22:55 -------- d-----w- c:\windows\ie8updates
2009-11-08 22:54 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 22:54 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 21:46 . 2009-11-08 21:46 -------- d-sh--w- c:\documents and settings\PAW\IECompatCache
2009-11-08 21:44 . 2009-11-08 21:44 -------- d-sh--w- c:\documents and settings\PAW\PrivacIE
2009-11-08 21:42 . 2009-11-08 21:42 -------- d-sh--w- c:\documents and settings\PAW\IETldCache
2009-11-08 21:42 . 2009-11-08 21:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-08 21:40 . 2009-11-08 21:41 -------- dc-h--w- c:\windows\ie8
2009-11-08 20:53 . 2009-11-08 20:53 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-08 20:52 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 20:52 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:23 . 2009-11-08 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 16:45 . 2009-11-08 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 15:42 . 2009-11-08 15:42 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 20:02 . 2009-11-05 20:02 26576 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 23:55 . 2009-11-04 23:55 152576 ----a-w- c:\documents and settings\PAW\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 22:23 . 2009-10-31 22:23 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-10-31 22:23 . 2009-10-31 22:23 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-10-23 00:17 . 2009-10-23 00:18 164 ----a-w- c:\windows\install.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 22:27 . 2008-03-12 18:31 -------- d-----w- c:\program files\MozillaFirefox
2009-11-14 15:29 . 2009-09-12 16:09 -------- d-----w- c:\program files\Safari
2009-11-14 15:25 . 2009-07-18 16:34 -------- d-----w- c:\program files\Common Files\Apple
2009-11-08 20:15 . 2009-01-18 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-08 17:01 . 2009-01-18 23:53 -------- d-----w- c:\program files\Trend Micro
2009-11-05 20:02 . 2007-12-25 21:50 -------- d-----w- c:\documents and settings\PAW\Application Data\Apple Computer
2009-11-04 23:55 . 2004-11-17 00:45 -------- d-----w- c:\program files\Java
2009-10-31 22:23 . 2004-11-17 00:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 22:23 . 2004-11-17 00:47 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-10-31 22:23 . 2009-01-15 02:23 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 22:23 . 2004-11-17 00:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-31 22:23 . 2004-11-19 22:35 -------- d-----w- c:\documents and settings\PAW\Application Data\Creative
2009-10-23 01:31 . 2004-11-20 00:14 31952 ----a-w- c:\documents and settings\PAW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-19 02:02 . 2009-10-19 02:02 -------- d-----w- c:\program files\MSBuild
2009-10-19 02:02 . 2009-10-19 02:02 -------- d-----w- c:\program files\Reference Assemblies
2009-10-18 22:01 . 2009-10-18 22:00 -------- d-----w- c:\program files\EQ2MAP Updater
2009-10-11 10:17 . 2008-12-17 21:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-16 16:22 . 2009-09-16 16:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-07-18 16:35 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-07-18 16:35 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2004-08-04 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-21_16.21.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-21 23:15 . 2009-11-21 23:15 16384 c:\windows\Temp\Perflib_Perfdata_7ac.dat
+ 2004-11-19 22:22 . 2009-11-21 19:45 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-11-19 22:22 . 2009-11-20 22:02 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-21 19:45 . 2009-11-21 19:45 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 20:34 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2005-03-15 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"CloneCDElbyCDFL"="c:\program files\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"nwiz"="c:\windows\system32\nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2009-06-23 19456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\apple\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Perstray.lnk - c:\program files\PerSono\perstray.exe [2004-11-20 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\NR2003\\NR2003.exe"=
"c:\\Program Files\\Sony\\EQ2_00\\EQ2.exe"=
"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"c:\\Program Files\\Madden2007\\Updater.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Sony\\EQ2_00\\EverQuest2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\EQ2_00\\EQ2VoiceService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\DDO Unlimited\\dndclient.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Netscape\\Navigator 9\\navigator.exe"=
"c:\\Program Files\\MozillaFirefox\\firefox.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\apple\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57683:TCP"= 57683:TCP:Pando Media Booster
"57683:UDP"= 57683:UDP:Pando Media Booster

R0 ElbyVCD;ElbyVCD;c:\windows\SYSTEM32\DRIVERS\ElbyVCD.sys [11/28/2002 4:43 AM 22016]
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [11/12/2008 4:02 PM 29808]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/8/2009 5:09 PM 210216]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [1/18/2009 3:14 PM 1205760]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 12:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 ntmtlfaxx;ntmtlfaxx;c:\windows\system32\drivers\ntmtlfaxx.sys --> c:\windows\system32\drivers\ntmtlfaxx.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 12:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/31/2009 4:23 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\SYSTEM32\DRIVERS\imhidusb.sys [2/27/2005 12:06 PM 30920]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\SYSTEM32\DRIVERS\s115bus.sys [9/12/2007 8:04 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\s115mdfl.sys [9/12/2007 8:05 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\SYSTEM32\DRIVERS\s115mdm.sys [9/12/2007 8:05 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\s115mgmt.sys [9/12/2007 8:05 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\SYSTEM32\DRIVERS\s115obex.sys [9/12/2007 8:05 PM 98568]
S3 TM0004RW;TM0004RW;c:\windows\system32\DRIVERS\TMHIDF.sys --> c:\windows\system32\DRIVERS\TMHIDF.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\SYSTEM32\DRIVERS\z520bus.sys [7/26/2005 10:13 AM 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\z520mdfl.sys [7/26/2005 10:15 AM 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\SYSTEM32\DRIVERS\z520mdm.sys [7/26/2005 10:15 AM 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\SYSTEM32\DRIVERS\z520mgmt.sys [7/26/2005 10:16 AM 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\SYSTEM32\DRIVERS\z520obex.sys [7/26/2005 10:18 AM 82864]
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-08 18:22]

2009-11-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-08 18:22]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\PAW\Application Data\Mozilla\Firefox\Profiles\uzjxjvo8.paddyaw\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://uversetv.att.yahoo.com/wra/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\apple\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\MozillaFirefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npbeatnk.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npswf32.dll
FF - plugin: c:\program files\Netscape4\Program\Plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\MozillaFirefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 17:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-21 17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 23:20
ComboFix2.txt 2009-11-21 16:35

Pre-Run: 7,532,412,928 bytes free
Post-Run: 7,477,714,944 bytes free

- - End Of File - - 298EB006990AF228CC3973E45A7EE04E




Malwarebytes



Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 5.1.2600 Service Pack 3

11/21/2009 5:36:48 PM
mbam-log-2009-11-21 (17-36-48).txt

Scan type: Quick Scan
Objects scanned: 101504
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET Online Scan
C:\Documents and Settings\PAW\Application Data\Mozilla\Profiles\pawclb\8uejuila.slt\Mail\mail.swbell.net\Inbox
HTML/Phishing.gen trojan
contained infected files

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 AM

Posted 22 November 2009 - 09:52 AM

Good morning,

Looking good. :(
Turn your AV back on please.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Thanks,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

#9 PaddyAW

PaddyAW
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 22 November 2009 - 11:05 AM

Mornin'. |:>


McAfee is turned back on. Gave me a little chuckle, too. While running OTL it found this:

One or more items were detected on your computer.
Detection Name: Artemis!2FCD3A477CDC (Trojan), Artemis!2FCD3A477CDC (Trojan)
File: C:\Documents and Settings\PAW\Desktop\thcbytes.exe
Process: C:\Documents and Settings\PAW\Desktop\OTL.exe
Process Description:



OK, on to the requested logs.


OTL.txt:


OTL logfile created on: 11/22/2009 9:03:27 AM - Run 1
OTL by OldTimer - Version 3.1.6.3 Folder = C:\Documents and Settings\PAW\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.37 Gb Total Space | 6.89 Gb Free Space | 10.54% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 50.04 Gb Free Space | 67.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 445.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAW_04
Current User Name: PAW
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/22 09:00:35 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAW\Desktop\OTL.exe
PRC - [2009/11/06 13:15:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\MozillaFirefox\firefox.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\apple\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/22 18:18:37 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/17 14:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/21 17:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/03/27 09:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2009/02/14 15:29:14 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/25 16:03:29 | 00,093,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2007/07/11 15:57:42 | 00,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/03/16 03:23:20 | 00,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2005/03/15 07:58:08 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
PRC - [2004/08/23 18:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/08/13 01:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/06/29 11:23:32 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 11:22:56 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/09/03 20:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/04/29 13:33:44 | 00,040,960 | ---- | M] (Plantronics) -- C:\Program Files\PerSono\PersTray.exe
PRC - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/22 09:00:35 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAW\Desktop\OTL.exe
MOD - [2009/02/11 11:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mslbui.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/31 16:23:47 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/22 18:18:37 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/17 14:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/21 17:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/03/27 09:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2009/02/14 15:29:14 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/06/29 11:22:56 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/06/23 12:38:36 | 00,015,896 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2009/06/23 12:38:26 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 12:38:16 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 12:38:06 | 00,798,744 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 12:37:54 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2009/06/23 12:37:32 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 12:37:22 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 12:37:10 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 12:36:36 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 12:36:24 | 00,528,408 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 12:36:14 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 12:35:04 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 12:35:04 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/06/23 12:34:52 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 12:34:52 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/06/23 12:34:40 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 12:34:40 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/06/23 12:34:30 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 12:34:30 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\COMMONFX.sys -- (COMMONFX)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/21 17:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/04/21 17:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/04/21 17:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/27 09:03:00 | 06,280,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/13 12:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/09/13 21:41:28 | 00,051,608 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys -- (WmXlCore)
DRV - [2007/09/13 21:41:20 | 00,014,744 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys -- (WmVirHid)
DRV - [2007/09/13 21:41:12 | 00,029,208 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys -- (WmHidLo)
DRV - [2007/09/13 21:41:02 | 00,029,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys -- (WmFilter)
DRV - [2007/09/13 21:40:54 | 00,019,352 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys -- (WmBEnum)
DRV - [2007/04/23 14:54:50 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 14:54:50 | 00,098,568 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115obex.sys -- (s115obex)
DRV - [2007/04/23 14:54:48 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 14:54:48 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 14:54:46 | 00,083,208 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2005/07/26 10:18:02 | 00,082,864 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\z520obex.sys -- (z520obex)
DRV - [2005/07/26 10:16:44 | 00,084,928 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\z520mgmt.sys -- (z520mgmt)
DRV - [2005/07/26 10:15:22 | 00,093,488 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\z520mdm.sys -- (z520mdm)
DRV - [2005/07/26 10:15:16 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\z520mdfl.sys -- (z520mdfl)
DRV - [2005/07/26 10:13:42 | 00,057,648 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\z520bus.sys -- (z520bus) Sony Ericsson 520 driver (WDM)
DRV - [2005/05/28 17:43:36 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/13 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 03:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/29 11:17:16 | 00,477,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/06/15 22:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 17:41:54 | 00,186,112 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/01/17 03:59:56 | 00,001,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys -- (papycpu2)
DRV - [2003/01/17 03:59:56 | 00,001,856 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys -- (papyjoy)
DRV - [2002/11/29 05:38:16 | 00,016,320 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/11/28 08:18:04 | 00,015,360 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 04:43:49 | 00,022,016 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/05/02 12:07:00 | 00,030,920 | ---- | M] (Immersion Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\imhidusb.sys -- (imhidusb)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\S-1-5-21-3120909244-2061349668-3682046951-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\S-1-5-21-3120909244-2061349668-3682046951-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B3FCC3FF-3D7D-41A7-9D0C-58109F5A7484}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/20 15:34:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/13 13:07:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/10 19:00:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\MozillaFirefox\components [2009/11/06 13:15:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\MozillaFirefox\plugins [2009/11/06 13:15:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Components [2009/09/14 12:27:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Plugins [2009/11/04 17:56:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Components: C:\Program Files\Netscape813\Components [2009/09/12 10:02:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Plugins: C:\Program Files\Netscape813\Plugins [2009/09/12 10:03:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/09/12 13:25:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2009/09/12 10:03:40 | 00,000,000 | ---D | M]

[2008/12/01 16:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla\Extensions
[2008/12/01 16:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/13 13:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla\Firefox\Profiles\3opjnupm.paclw\extensions
[2008/05/22 17:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla\Firefox\Profiles\j1pdrfaa.default\extensions
[2009/11/21 16:37:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla\Firefox\Profiles\uzjxjvo8.paddyaw\extensions
[2009/10/22 17:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla\Firefox\Profiles\uzjxjvo8.paddyaw\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/30 19:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla\Firefox\Profiles\xuya02c8.pawmcgloin\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\apple\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Perstray.lnk = C:\Program Files\PerSono\PersTray.exe (Plantronics)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3120909244-2061349668-3682046951-1007\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1232322149671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Security Packages - (EM) - File not found
O30 - LSA: Security Packages - (SHARED) - File not found
O30 - LSA: Security Packages - (]) - File not found
O30 - LSA: Security Packages - ((microsoft) - File not found
O30 - LSA: Security Packages - (corpora) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/12/04 14:14:20 | 00,864,256 | R--- | M] (Sierra Entertainment, Inc.
Bellevue, WA 98005) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/12/30 09:59:48 | 00,000,133 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{79d4f599-3a79-11d9-a4c7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{79d4f599-3a79-11d9-a4c7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79d4f599-3a79-11d9-a4c7-806d6172696f}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2002/12/04 14:14:20 | 00,864,256 | R--- | M] (Sierra Entertainment, Inc.
Bellevue, WA 98005)
O33 - MountPoints2\{79d4f599-3a79-11d9-a4c7-806d6172696f}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe -- [2002/12/11 00:59:40 | 00,461,824 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\PAW\Desktop\thcbytes.exe
[2009/11/22 09:00:35 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PAW\Desktop\OTL.exe
[2009/11/21 17:43:55 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/21 10:10:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/21 10:03:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/21 10:03:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/21 10:03:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/21 10:03:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/21 10:03:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/21 10:02:12 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/21 09:58:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/11/14 09:25:14 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/12 18:03:29 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\PAW\Desktop\RootRepeal.exe
[2009/11/10 18:56:36 | 26,768,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/08 17:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/11/08 17:07:50 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/08 17:07:50 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/08 17:07:50 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/08 17:07:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/08 17:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/08 17:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/08 17:07:17 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/08 17:05:00 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/08 16:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/08 16:55:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/08 16:54:51 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/11/08 16:54:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/11/08 15:46:09 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PAW\IECompatCache
[2009/11/08 15:44:12 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PAW\PrivacIE
[2009/11/08 15:42:49 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\PAW\IETldCache
[2009/11/08 15:40:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/08 14:52:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/08 14:52:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/08 11:23:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/08 10:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/08 09:42:18 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/04 17:56:12 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/04 17:56:12 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/04 17:56:12 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/04 17:56:12 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/31 16:23:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2009/06/23 10:49:14 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/22 09:00:35 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAW\Desktop\OTL.exe
[2009/11/22 08:25:46 | 00,011,091 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/21 19:14:29 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\PAW\ntuser.dat
[2009/11/21 17:42:46 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\esetsmartinstaller_enu.exe
[2009/11/21 17:16:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/21 17:15:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/21 17:15:56 | 04,933,758 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
[2009/11/21 17:15:56 | 04,933,758 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
[2009/11/21 17:15:54 | 00,204,412 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/21 17:15:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/11/21 17:15:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/21 17:15:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/21 17:15:17 | 32,192,96256 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/21 17:14:24 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/11/21 17:14:24 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/11/21 17:14:24 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/11/21 17:14:24 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/11/21 17:14:24 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/11/21 10:10:36 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/11/21 09:58:27 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\rkill.pif
[2009/11/20 18:36:41 | 00,004,282 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\Attach1.zip
[2009/11/19 20:49:03 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/11/19 20:49:03 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/11/18 13:26:00 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\PAW\NTUSER.INI
[2009/11/15 01:17:02 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/14 09:29:10 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/11/14 09:25:51 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 18:04:36 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\settings.dat
[2009/11/12 18:03:30 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\PAW\Desktop\RootRepeal.exe
[2009/11/12 18:00:42 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\dds.scr
[2009/11/10 19:00:01 | 00,147,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 18:56:23 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/08 18:19:50 | 00,000,429 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\Shortcut to 01186310.xlt.lnk
[2009/11/08 17:09:15 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/08 17:07:34 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/08 14:52:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/08 11:57:27 | 00,000,273 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/08 11:01:38 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\HijackThis.lnk
[2009/11/08 09:42:16 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/05 14:02:45 | 00,026,576 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/05 13:54:38 | 00,064,512 | ---- | M] () -- C:\Documents and Settings\PAW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/05 13:51:43 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\Windows Media Player.lnk
[2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 17:59:50 | 00,528,202 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 17:59:50 | 00,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/04 17:59:50 | 00,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/11/04 12:38:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/31 16:25:17 | 03,178,154 | -H-- | M] () -- C:\Documents and Settings\PAW\Local Settings\Application Data\IconCache.db
[2009/10/31 16:23:17 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
[2009/10/31 16:23:17 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
[2009/10/31 16:23:16 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/10/31 16:23:16 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/25 05:37:04 | 00,000,462 | ---- | M] () -- C:\Documents and Settings\PAW\Desktop\Shortcut to 2005_2014_Calendars.xls.lnk
[7 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/21 17:42:42 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\PAW\Desktop\esetsmartinstaller_enu.exe
[2009/11/21 10:10:36 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/21 10:10:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/21 10:03:11 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/21 10:03:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/21 10:03:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/21 10:03:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/21 10:03:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/21 09:58:27 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\PAW\Desktop\rkill.pif
[2009/11/20 18:36:41 | 00,004,282 | ---- | C] () -- C:\Documents and Settings\PAW\Desktop\Attach1.zip
[2009/11/14 09:25:51 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/12 18:04:36 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\PAW\Desktop\settings.dat
[2009/11/12 18:00:41 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\PAW\Desktop\dds.scr
[2009/11/08 17:09:37 | 00,011,091 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/08 17:09:15 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/08 17:07:35 | 00,000,336 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/08 17:07:34 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/08 14:52:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/08 11:01:38 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\PAW\Desktop\HijackThis.lnk
[2009/11/05 14:02:45 | 00,026,576 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/04 17:57:03 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/11/04 17:57:03 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/31 16:25:22 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/10/31 16:25:15 | 04,933,758 | ---- | C] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
[2009/10/31 16:23:23 | 04,933,758 | ---- | C] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
[2009/10/31 16:23:17 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/10/31 16:23:17 | 00,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
[2009/06/23 11:29:50 | 00,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 11:29:48 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 10:51:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/04/21 17:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/01/18 15:14:29 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\PAW\Local Settings\Application Data\fusioncache.dat
[2007/12/25 16:00:44 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/17 16:14:23 | 00,000,942 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/08/16 13:51:44 | 00,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/08/13 19:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 16:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/07/08 23:24:27 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/07/08 23:24:25 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/08 23:24:25 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/22 16:59:05 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/01/04 17:29:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2006/01/03 14:42:53 | 00,000,031 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2005/12/05 15:46:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/11/11 13:47:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/11 13:47:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/11 13:47:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/11 13:47:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/11 13:47:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/11 13:47:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/08 09:40:58 | 00,064,512 | ---- | C] () -- C:\Documents and Settings\PAW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/19 14:46:06 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Win32Bitmap.dll
[2005/02/27 12:06:56 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\tmimlaun.dll
[2005/02/26 11:15:58 | 00,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2005/02/26 11:15:58 | 00,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2005/02/26 11:11:52 | 00,000,182 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2004/11/19 18:14:34 | 00,031,952 | ---- | C] () -- C:\Documents and Settings\PAW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/11/19 16:35:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\PAW\Application Data\DESKTOP.INI
[2004/11/19 16:35:06 | 03,178,154 | -H-- | C] () -- C:\Documents and Settings\PAW\Local Settings\Application Data\IconCache.db
[2004/11/16 18:54:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/16 18:53:47 | 00,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/16 18:50:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/16 18:47:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/16 18:47:12 | 00,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/11/16 18:46:52 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/16 18:37:30 | 00,528,202 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/11/16 18:26:40 | 00,000,521 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:04:08 | 00,000,837 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:04:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CONTROL.INI
[2004/08/10 13:03:52 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:02:06 | 00,000,037 | ---- | C] () -- C:\WINDOWS\VBADDIN.INI
[2004/08/10 13:02:06 | 00,000,036 | ---- | C] () -- C:\WINDOWS\VB.INI
[2004/08/10 12:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 12:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 05:00:00 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2004/08/04 05:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\ESENTPRF.INI
[2004/08/04 05:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/04 05:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/04 05:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/08/04 05:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/08/04 05:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/08/04 05:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2004/08/04 05:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/04 05:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/04 05:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\IR32_32.DLL
[2004/08/04 05:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/08/04 05:00:00 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/04 05:00:00 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\PAQSP.DLL
[2004/08/04 05:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\MSENCODE.DLL
[2004/08/04 05:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/04 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/04 05:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\TCPMON.INI
[2004/08/04 05:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\KEY01.SYS
[2004/08/04 05:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\KEYBOARD.SYS
[2004/08/04 05:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\NTIO411.SYS
[2004/08/04 05:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\NTIO412.SYS
[2004/08/04 05:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/04 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\NTIO804.SYS
[2004/08/04 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\NTIO404.SYS
[2004/08/04 05:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\NTIO.SYS
[2004/08/04 05:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\NTDOS411.SYS
[2004/08/04 05:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\NTDOS412.SYS
[2004/08/04 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\NTDOS804.SYS
[2004/08/04 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\NTDOS404.SYS
[2004/08/04 05:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\NTDOS.SYS
[2004/08/04 05:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\COUNTRY.SYS
[2004/08/04 05:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\TSD32.DLL
[2004/08/04 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/04 05:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\WIN87EM.DLL
[2004/08/04 05:00:00 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\TSLABELS.INI
[2004/08/04 05:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\RSVP.INI
[2004/08/04 05:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ANSI.SYS
[2004/08/04 05:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\PSCHDPRF.INI
[2004/08/04 05:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\HIMEM.SYS
[2004/08/04 05:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/04 05:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\RASCTRS.INI
[2004/08/04 05:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\PERFCI.INI
[2004/08/04 05:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\PERFWCI.INI
[2004/08/04 05:00:00 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\MSDTCPRF.INI
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 05:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\MSDFMAP.INI
[2004/08/04 05:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\PERFFILT.INI
[2004/08/04 05:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\PRODSPEC.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/11/28 13:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/07/18 11:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/07/18 10:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2009/11/08 14:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/01/21 12:31:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2005/05/19 14:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA18.tmp
[2005/05/19 14:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA22.tmp
[2006/01/20 03:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA2D.tmp
[2006/01/20 13:04:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3B.tmp
[2006/01/20 13:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA51.tmp
[2006/01/20 13:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA5E.tmp
[2006/01/20 14:06:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA6C.tmp
[2009/11/08 20:08:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2005/02/26 12:10:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/12/17 14:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/05/31 13:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/09/14 16:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/08/27 15:19:12 | 00,001,359 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2004/11/16 18:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/11/08 17:09:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2007/12/25 15:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009/11/08 14:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/12/25 15:28:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/01/18 15:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2005/12/14 15:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/12 10:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/18 10:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/11/16 18:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Creative
[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\DESKTOP.INI
[2004/11/16 18:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2004/11/16 18:49:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
[2004/11/16 18:26:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2004/11/16 18:54:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sonic
[2004/11/16 18:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sun
[2006/01/20 13:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/01/20 13:25:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2004/12/29 15:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/01/20 13:36:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/01/20 13:07:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/06/02 16:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2006/07/08 23:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2004/11/16 18:26:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/02/16 09:25:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Adobe
[2008/11/28 13:20:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\AdobeUM
[2009/11/05 14:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Apple Computer
[2009/10/31 16:23:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Creative
[2004/11/25 13:37:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\CyberLink
[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\PAW\Application Data\DESKTOP.INI
[2005/12/05 15:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Help
[2004/11/16 18:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Identities
[2005/02/11 15:16:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Jasc
[2004/11/16 18:49:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Jasc Software Inc
[2009/02/07 08:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Lavasoft
[2007/11/23 19:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Leadertech
[2006/05/31 12:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Macromedia
[2009/01/21 12:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Malwarebytes
[2007/03/21 09:14:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\PAW\Application Data\Microsoft
[2008/12/01 16:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Mozilla
[2005/10/08 13:20:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Musicmatch
[2007/08/16 13:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\MyFamily.com
[2007/09/24 18:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Netscape
[2006/05/31 13:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\PlayFirst
[2007/11/23 19:59:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Sonic
[2007/09/12 20:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Sony Ericsson
[2004/11/16 18:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Sun
[2009/04/12 09:53:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\SystemRequirementsLab
[2008/05/22 17:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Talkback
[2005/04/22 18:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\teamspeak2
[2007/09/12 20:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Teleca
[2009/09/15 12:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Turbine
[2006/07/08 23:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAW\Application Data\Webroot
[2009/11/04 12:38:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/11/15 01:17:02 | 00,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/08 17:07:34 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/21 17:15:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >



And Extras.txt

OTL Extras logfile created on: 11/22/2009 9:03:27 AM - Run 1
OTL by OldTimer - Version 3.1.6.3 Folder = C:\Documents and Settings\PAW\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.37 Gb Total Space | 6.89 Gb Free Space | 10.54% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 50.04 Gb Free Space | 67.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 445.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAW_04
Current User Name: PAW
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = NavigatorHTML] -- C:\Program Files\Netscape\Navigator 9\navigator.exe (Netscape)

[HKEY_USERS\S-1-5-21-3120909244-2061349668-3682046951-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\MozillaFirefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE -requestPending -osint -url "%1" (Netscape)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57683:TCP" = 57683:TCP:*:Enabled:Pando Media Booster
"57683:UDP" = 57683:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57683:TCP" = 57683:TCP:*:Enabled:Pando Media Booster
"57683:UDP" = 57683:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe" = C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\NR2003\NR2003.exe" = C:\Program Files\NR2003\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season -- (Sierra Entertainment, Inc.
Bellevue, WA 98005)
"C:\Program Files\Sony\EQ2_00\EQ2.exe" = C:\Program Files\Sony\EQ2_00\EQ2.exe:*:Enabled:EverQuest II -- (Sony Online Entertainment, Inc.)
"C:\WINDOWS\SYSTEM32\MMC.EXE" = C:\WINDOWS\SYSTEM32\MMC.EXE:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Madden2007\Updater.exe" = C:\Program Files\Madden2007\Updater.exe:*:Enabled:Updater -- ()
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Sony\EQ2_00\EverQuest2.exe" = C:\Program Files\Sony\EQ2_00\EverQuest2.exe:*:Enabled:EQ2 Client Application -- (Sony Online Entertainment)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Sony\EQ2_00\EQ2VoiceService.exe" = C:\Program Files\Sony\EQ2_00\EQ2VoiceService.exe:*:Enabled:EQ2VoiceService -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\DDO Unlimited\dndclient.exe" = D:\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Netscape\Navigator 9\navigator.exe" = C:\Program Files\Netscape\Navigator 9\navigator.exe:*:Enabled:navigator -- (Netscape)
"C:\Program Files\MozillaFirefox\firefox.exe" = C:\Program Files\MozillaFirefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe:*:Enabled:SpySweeper -- (Webroot Software, Inc. (www.webroot.com))
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\apple\iTunes\iTunes.exe" = C:\Program Files\apple\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C69782-2A55-4279-94D7-E4E59FEE3FF7}" = EverQuest II: Desert of Flames
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"{1EE39B32-BA05-433C-BC0D-35797518A3A5}" = EverQuest II
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2B59AB31-EBD0-45E4-A725-7112904DA605}" = Family Tree Maker Version 16
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F5CBDFF-C5AD-11D6-B881-00A0CC58DEE4}" = EverQuest: Planes of Power
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{84EDE9B5-6B8B-4EFD-A649-DD94E1671704}" = Thrustmaster Force Feedback Racing Wheel Drivers
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season
"{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}" = EverQuest II
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}" = Logitech Gaming Software 5.01
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C85E633E-864A-4AFE-0095-844838BFCC7E}" = Madden NFL 07
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE0DE25D-4905-4609-B2A0-6393E108FC76}" = EverQuest II: Kingdom of Sky
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D63F2860-678D-11D4-B355-0010A4F75374}" = PerSono
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DD494BAD-BA13-11D4-8737-00A0CC58DEE4}" = EverQuest: SOV
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run™
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"AudioConSole" = Creative Audio Console
"AudioCS" = Creative Audio Console
"Canon Camera WIA Driver PowerShot A100" = Canon PowerShot A100 WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter2" = Canon Utilities RAW Image Converter2
"CloneCD" = CloneCD
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EQ2MAP Updater" = EQ2MAP Updater 1.2.4
"ESET Online Scanner" = ESET Online Scanner v3
"EverQuest" = EverQuest
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Java Web Start" = Java Web Start
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.2)" = Netscape (7.2)
"Netscape Browser" = Netscape Browser (remove only)
"Netscape Communicator 4.8" = Netscape Communicator 4.8
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoRecord" = Canon PhotoRecord
"RemoteCapture" = Canon Utilities RemoteCapture 2.4
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2
"WaveStudio 7" = Creative WaveStudio 7
"Window Washer 5" = Window Washer 5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2009 5:42:44 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1001
Description = Fault bucket 1505088551.

Error - 10/20/2009 8:43:01 PM | Computer Name = PAW_04 | Source = Application Hang | ID = 1002
Description = Hanging application navigator.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2009 3:47:31 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1000
Description = Faulting application navigator.exe, version 0.0.0.0, faulting module
npswf32.dll, version 10.0.32.18, fault address 0x00077bd0.

Error - 10/25/2009 11:13:39 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1000
Description = Faulting application navigator.exe, version 0.0.0.0, faulting module
npswf32.dll, version 10.0.32.18, fault address 0x0023005a.

Error - 11/1/2009 9:40:00 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1000
Description = Faulting application navigator.exe, version 0.0.0.0, faulting module
npswf32.dll, version 10.0.32.18, fault address 0x0022f503.

Error - 11/7/2009 8:29:21 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1000
Description = Faulting application navigator.exe, version 0.0.0.0, faulting module
npswf32.dll, version 10.0.32.18, fault address 0x00077bd0.

Error - 11/8/2009 11:41:01 AM | Computer Name = PAW_04 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/8/2009 12:42:33 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module boost_log-vc71-mt-1_33.dll, version 0.0.0.0, fault address 0x000049dd.

Error - 11/8/2009 12:42:39 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1001
Description = Fault bucket 745447778.

Error - 11/17/2009 6:36:00 PM | Computer Name = PAW_04 | Source = Application Error | ID = 1000
Description = Faulting application navigator.exe, version 0.0.0.0, faulting module
npswf32.dll, version 10.0.32.18, fault address 0x00077bd0.

[ System Events ]
Error - 11/21/2009 6:25:48 PM | Computer Name = PAW_04 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 11/21/2009 6:25:48 PM | Computer Name = PAW_04 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/21/2009 6:25:48 PM | Computer Name = PAW_04 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/21/2009 6:26:05 PM | Computer Name = PAW_04 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/21/2009 6:29:54 PM | Computer Name = PAW_04 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{6F312931-25D2-4D95-A44B-F4061AC5DBE0}. The
backup browser is stopping.

Error - 11/21/2009 7:15:42 PM | Computer Name = PAW_04 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/21/2009 7:15:51 PM | Computer Name = PAW_04 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 11/21/2009 7:15:51 PM | Computer Name = PAW_04 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/21/2009 7:15:51 PM | Computer Name = PAW_04 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/21/2009 7:19:34 PM | Computer Name = PAW_04 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{6F312931-25D2-4D95-A44B-F4061AC5DBE0}. The
backup browser is stopping.


< End of report >

#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 22 November 2009 - 12:02 PM

My clean tools are always tagged as Malware. :(

Thanks for ignoring that!

---------

Congratulations! You now FINALLY appear clean!

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.
**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide resident protection and do not nag if you purchase the paid versions.

  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.


    Windows XP
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.

  • Consider Firefox as your primary browser. It's safer, fast and secure!

  • Install WOT. Never inadvertently surf to a dangerous website again.

  • Consider running your browser Sandboxed with Sandboxie. You decide what actually gets into your OS!!

  • Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Kind Regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 PaddyAW

PaddyAW
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 22 November 2009 - 12:32 PM

Two, or maybe 3, quick questions.

Should that be "thcbytes /uninstall" rather than "ComboFix /Uninstall" since that's what it was saved as?

Although I know I didn't delete it, it's not on my desktop. I did a file search for both ComboFix and thcbytes and only found the .txt files and shortcuts to them. Could McAfee have quarantined/deleted it? There's nothing in my Recycle Bin.

Should I redownload it and then run the uninstall?

#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 22 November 2009 - 05:35 PM

Good questions.

To play it safe do this...

Turn off McAfee then..

Follow the Combofix /uninstall directions... (not thcbytes)

Then do this...

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Commands
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
That should do it!!

Kind regards,
~ t

#13 PaddyAW

PaddyAW
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 22 November 2009 - 08:04 PM

I tried running "Combofix /uninstall" but it tells me Windows can't find Combofix.

Doing a file/program search finds the logs and shortcuts to them. There is a folder [c:\Qoobox] that has what looks like remnants from Combofix in it. That's where 2 of the logs are being found by the search; ComboFix-quarantined-files and ComboFix2, both are text documents.

Here's the OTL Log:



All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== COMMANDS ==========
Restorepoints cleared and new one set!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner

User: PAW
->Temp folder emptied: 193902 bytes
->Temporary Internet Files folder emptied: 9093744 bytes
->Java cache emptied: 26873282 bytes
->FireFox cache emptied: 267808083 bytes
->Apple Safari cache emptied: 10138538 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1214556 bytes
Windows Temp folder emptied: 2712 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 790 bytes

Total Files Cleaned = 300.83 mb


OTL by OldTimer - Version 3.1.6.3 log created on 11222009_183630

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 22 November 2009 - 08:50 PM

You're good! If you want to delete the CF remnants you're welcome to do so.
Kind regards,
~ t

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:49 AM

Posted 28 November 2009 - 10:29 AM

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.