Search Engine Redirects, Popups, and IE Issues


  • This topic is locked
14 replies to this topic

#1 Mewten

Mewten

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 15 February 2010 - 01:22 AM

Alright so I'm terribly frustrated. I borrowed a laptop and upon attempting to browse the internet became frustrated by redirected google searches and the frequent popup. I also have been getting Internet Explorer errors saying it needs to close yet I'm not even running IE, I'm using Firefox. I tried getting MalwareBytes' Removal Tool as it has worked wonders in the past for me but I'm unable to get it to even run and it has an error at the end of the install. I tried making the setup file a bat and renaming the main .exe after installation to no avail. They had McAfee SecurityCenter installed but it hadn't been updated or had a scan done since November. So I updated it and ran a scan. It found 3 things. One that it quarantined and two that it allowed me to remove. Though this has not fixed my problem. So I downloaded HijackThis and renamed it and ran a quick scan. Here's the log I got.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:45 PM, on 2/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PHAROS~1\CORE\CTSKMSTR.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
F:\h\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [rotatigov] Rundll32.exe "c:\windows\system32\kidowavi.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: nufiginu.dll c:\windows\system32\kidowavi.dll
O21 - SSODL: woyojazat - {6d95d1ea-bca9-4984-901d-058f762abcf6} - (no file)
O21 - SSODL: vazutopaz - {9e66444c-5260-499a-9a79-392ded36a7fd} - c:\windows\system32\kidowavi.dll
O22 - SharedTaskScheduler: tokatiluy - {9e66444c-5260-499a-9a79-392ded36a7fd} - c:\windows\system32\kidowavi.dll
O23 - Service: McAfee Application Installer Cleanup (0315891266105164) (0315891266105164mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\031589~1.EXE (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\CORE\CTSKMSTR.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 15836 bytes

I ran the log through http://hjt.networktechs.com/ and its HijackThis log analyzer and it found some things which it said I probably should remove. One of which it gave me was isuspm.exe which told me it was spyware upon clicking it in the parsed log from that site. It redirected me to this: http://process.networktechs.com/isuspm.exe.php

Can anyone help me get rid of this problem and should I remove those things it highlighted in red? I have to give this laptop back tomorrow morning and I don't want to be the one to take the blame for a spyware/virus problem that has probably been there for a long time since I've only borrowed it for two days and I only used it for research on a college report.

Thanks anyone who can help me.

Edited by Mewten, 15 February 2010 - 01:23 AM.
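A defender's way of triaging the persistence entries in a HijackThis log like the one above, as an added example that is not part of this thread, of HijackThis, or of the analyzer site mentioned: it parses each `Onn - ` entry line and flags AppInit_DLLs, SSODL and SharedTaskScheduler hooks and rundll32 Run entries that load a missing file or a DLL with a pseudo-random lowercase name. The sample lines are quoted from the log posted above, with benign entries from the same log mixed in for contrast; the `Finding` type, the function names and the six-to-ten-lowercase-letter name heuristic are my own assumptions, not rules HijackThis applies.

```python
import re
from dataclasses import dataclass

# Sample input: entry lines quoted from the HijackThis log posted above, with
# benign entries from the same log mixed in so the heuristics have something
# to leave alone.
SAMPLE_LOG = r"""O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [rotatigov] Rundll32.exe "c:\windows\system32\kidowavi.dll",a
O20 - AppInit_DLLs: nufiginu.dll c:\windows\system32\kidowavi.dll
O21 - SSODL: woyojazat - {6d95d1ea-bca9-4984-901d-058f762abcf6} - (no file)
O21 - SSODL: vazutopaz - {9e66444c-5260-499a-9a79-392ded36a7fd} - c:\windows\system32\kidowavi.dll
O22 - SharedTaskScheduler: tokatiluy - {9e66444c-5260-499a-9a79-392ded36a7fd} - c:\windows\system32\kidowavi.dll
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Every HijackThis entry line starts with a section code (R0, O4, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<payload>.*)$")
# Stem (basename without extension) of every *.dll token in a payload, pathed or not.
DLL_RE = re.compile(r"([A-Za-z0-9_~-]+)\.dll\b", re.IGNORECASE)
# Heuristic (an assumption, not an HJT rule): a bare run of 6-10 lowercase letters with
# no digits, capitals or vendor prefix is what the generated names in this log look like.
PSEUDOWORD_RE = re.compile(r"^[a-z]{6,10}$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line):
    """Split an HJT line into (section, payload); None for headers, blanks, process list."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("payload")


def dll_stems(payload):
    return [m.group(1) for m in DLL_RE.finditer(payload)]


def looks_random(stem):
    return bool(PSEUDOWORD_RE.match(stem))


def triage_line(line):
    """Return a Finding for a suspicious persistence entry, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, payload = parsed
    stems = dll_stems(payload)
    if section == "O20":
        # AppInit_DLLs is empty on a clean XP install; anything listed here is
        # loaded into every process that links user32.dll, so always surface it.
        return Finding(section, "AppInit_DLLs populated: " + ", ".join(stems), line)
    if section in ("O21", "O22"):
        # Shell (SSODL) and SharedTaskScheduler hooks run inside Explorer at logon.
        if "(no file)" in payload.lower():
            return Finding(section, "shell hook points at a missing file (leftover registration)", line)
        if any(looks_random(s) for s in stems):
            return Finding(section, "shell hook loads a pseudo-random DLL name", line)
    if section == "O4" and "rundll32" in payload.lower():
        # Run entries that use rundll32 to start a DLL with a generated name.
        if any(looks_random(s) for s in stems):
            return Finding(section, "Run key loads a pseudo-random DLL via rundll32", line)
    return None


def triage_log(text):
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

The name heuristic is deliberately scoped to the O4/O20/O21/O22 persistence sections: applied to O2 BHO entries it would also trip on a legitimate vendor module such as McAfee's `scriptsn.dll` from the same log, which is why that line is included in the sample and is expected to pass untouched. A flag from this script is a reason to look closer (file timestamps, publisher, whether the GUID appears under more than one hook), not a verdict on its own.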


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:33 PM

Posted 18 February 2010 - 02:34 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.


#3 Mewten

Mewten
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 19 February 2010 - 07:49 AM

Thanks for the response. So far I'm still having the same problem. I can't browse the internet without popups, search engine redirects, and IE having errors when it's not even running, or at least it shouldn't be. I deleted isuspm.exe because that HijackThis log analyzer told me it was spyware and I had hoped that would fix the problem. Sadly I can find no noticeable difference. Here are my DDS logs:


DDS (Ver_09-12-01.01) - FAT32x86
Run by Paul McCarl at 5:31:02.00 on Fri 02/19/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.506 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\PHAROS~1\CORE\CTSKMSTR.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paul McCarl\Desktop\dds.scr
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\windows\system32\Check.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [rotatigov] Rundll32.exe "c:\windows\system32\kulepive.dll",a
StartupFolder: c:\docume~1\paulmc~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blackb~1.lnk - c:\program files\research in motion\blackberry\Redirector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - {628A3E94-1B5F-48c1-9487-71082189C019} - c:\program files\isilo\isilox\iSiloXIE.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\kulepive.dll,reranavu.dll
SSODL: woyojazat - {6d95d1ea-bca9-4984-901d-058f762abcf6} - No File
SSODL: zetudepar - {32354bcc-2f7e-4e7f-9d41-fde7e953d4f9} - c:\windows\system32\kulepive.dll
STS: mujuzedij: {32354bcc-2f7e-4e7f-9d41-fde7e953d4f9} - c:\windows\system32\kulepive.dll
LSA: Notification Packages = scecli rovoyato.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paulmc~1\applic~1\mozilla\firefox\profiles\pr952ioy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&tab=nw&source=iglk
FF - plugin: c:\documents and settings\paul mccarl\application data\mozilla\firefox\profiles\pr952ioy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-4 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-25 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-4 144704]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-4-8 23200]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-4 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-4 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-4 40552]
S2 0315891266105164mcinstcleanup;McAfee Application Installer Cleanup (0315891266105164);c:\windows\temp\031589~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\031589~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-4 34248]
S3 PhTVTune;Zurotech WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [2006-1-31 28224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]

============== File Associations ===============

txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"

=============== Created Last 30 ================

2010-02-19 05:07:22 1 --sh--w- c:\windows\system32\gijareso.dll
2010-02-19 05:07:04 1 --sha-w- c:\windows\system32\sapayuse.dll
2010-02-19 05:07:02 1 --sha-w- c:\windows\system32\ganizoni.dll
2010-02-19 05:07:02 1 --sha-w- c:\windows\system32\fiyakuzu.dll
2010-02-19 04:44:26 1 --sh--w- c:\windows\system32\gubitahu.dll
2010-02-19 04:44:20 1 --sh--w- c:\windows\system32\yadihoni.dll
2010-02-19 04:44:20 1 --sh--w- c:\windows\system32\kujonuva.dll
2010-02-19 04:43:42 1 --sha-w- c:\windows\system32\zewadora.dll
2010-02-19 04:43:42 1 --sha-w- c:\windows\system32\zamivoru.dll
2010-02-19 04:43:42 1 --sha-w- c:\windows\system32\redonuta.dll
2010-02-18 08:03:28 0 d-----w- c:\docume~1\paulmc~1\applic~1\MilkShape 3D 1.x.x
2010-02-17 23:23:29 56832 --sha-w- c:\windows\system32\rovoyato.dll
2010-02-17 23:23:29 56832 --sha-w- c:\windows\system32\reranavu.dll
2010-02-17 23:23:29 56832 --sha-w- c:\windows\system32\boyesofo.dll
2010-02-17 23:21:53 96768 --sha-w- c:\windows\system32\kulepive.dll
2010-02-17 23:21:53 66048 --sha-w- c:\windows\system32\yanulepi.dll
2010-02-17 23:21:53 56832 --sha-w- c:\windows\system32\tuzatazo.dll
2010-02-17 23:21:53 43520 --sha-w- c:\windows\system32\sohibesi.dll
2010-02-16 07:38:03 96768 --sha-w- c:\windows\system32\vasidifu.dll
2010-02-16 07:38:03 38912 --sha-w- c:\windows\system32\tebudati.dll
2010-02-15 12:13:23 92672 --sha-w- c:\windows\system32\vuhusihu.dll
2010-02-15 12:13:23 38912 --sha-w- c:\windows\system32\jolefayu.dll
2010-02-15 11:25:05 1 --sha-w- c:\windows\system32\zedozugu.dll
2010-02-15 11:25:05 1 --sha-w- c:\windows\system32\fupuvuyu.dll
2010-02-15 11:01:17 1 --sha-w- c:\windows\system32\telekena.dll
2010-02-15 11:01:17 1 --sha-w- c:\windows\system32\baguteja.dll
2010-02-15 09:56:11 1 --sha-w- c:\windows\system32\nuvebode.dll
2010-02-15 09:56:11 1 --sha-w- c:\windows\system32\gizehure.dll
2010-02-15 09:33:36 1 --sha-w- c:\windows\system32\tuvojeto.dll
2010-02-15 09:33:36 1 --sha-w- c:\windows\system32\suliweya.dll
2010-02-15 09:11:02 1 --sha-w- c:\windows\system32\ruperapi.dll
2010-02-15 09:11:02 1 --sha-w- c:\windows\system32\betipafe.dll
2010-02-15 08:05:57 1 --sha-w- c:\windows\system32\nezapivu.dll
2010-02-15 08:05:57 1 --sha-w- c:\windows\system32\jiwirido.dll
2010-02-15 07:43:24 1 --sha-w- c:\windows\system32\sonudodu.dll
2010-02-15 07:43:24 1 --sha-w- c:\windows\system32\dukotova.dll
2010-02-15 07:20:51 1 --sha-w- c:\windows\system32\buyetuza.dll
2010-02-15 07:20:48 1 --sha-w- c:\windows\system32\lowagaje.dll
2010-02-15 06:56:47 1 --sha-w- c:\windows\system32\vivodiha.dll
2010-02-15 06:56:47 1 --sha-w- c:\windows\system32\fikisezi.dll
2010-02-15 06:34:07 1 --sh--w- c:\windows\system32\hukodare.dll
2010-02-15 06:31:07 1 --sha-w- c:\windows\system32\vohetufa.dll
2010-02-15 06:31:07 1 --sha-w- c:\windows\system32\jazehode.dll
2010-02-14 18:11:19 38912 --sha-w- c:\windows\system32\vatavude.dll
2010-02-14 06:25:02 1 --sha-w- c:\windows\system32\joretido.dll
2010-02-14 06:25:02 1 --sha-w- c:\windows\system32\falozogi.dll
2010-02-14 06:02:29 1 --sha-w- c:\windows\system32\tiwowugi.dll
2010-02-14 06:02:29 1 --sha-w- c:\windows\system32\ruhefife.dll
2010-02-14 06:02:29 1 --sha-w- c:\windows\system32\gejekoyu.dll
2010-02-14 05:39:56 1 --sha-w- c:\windows\system32\lululune.dll
2010-02-14 05:39:56 1 --sha-w- c:\windows\system32\litikene.dll
2010-02-14 05:39:56 1 --sha-w- c:\windows\system32\guvuzefo.dll
2010-02-14 05:39:56 1 --sha-w- c:\windows\system32\baporowo.dll
2010-02-13 23:49:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-13 18:21:39 25 ----a-w- c:\windows\popcinfot.dat
2010-02-13 18:08:01 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2010-02-13 16:56:11 92672 --sha-w- c:\windows\system32\kovibele.dll
2010-02-13 16:56:11 38912 --sha-w- c:\windows\system32\gowidelo.dll
2010-02-13 16:50:09 51712 --sha-w- c:\windows\system32\werihova.dll.tmp
2010-02-13 16:50:09 51712 --sha-w- c:\windows\system32\nufiginu.dll.tmp
2010-02-13 16:50:09 51712 --sha-w- c:\windows\system32\natavepo.dll.tmp
2010-02-13 16:49:58 6456 ---ha-w- c:\windows\system32\pekebiji
2010-02-13 16:46:52 0 d-----w- c:\windows\system32\XPSViewer
2010-02-13 16:43:53 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-13 16:43:53 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-13 16:43:53 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-13 16:43:52 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-13 16:43:52 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-13 16:43:51 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-13 16:43:51 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-13 04:59:21 0 d-----w- c:\docume~1\paulmc~1\applic~1\MusE
2010-02-13 04:57:25 0 d-----w- c:\program files\MuseScore 0.9
2010-02-12 21:50:40 0 d-----w- c:\docume~1\paulmc~1\applic~1\Screaming Bee
2010-02-09 00:05:57 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-31 16:50:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:04 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:10 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 18:43:28 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:28 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:24 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:24 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:36 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:36 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2008-04-05 07:03:08 444 ----a-w- c:\program files\Shortcut to DupFinder.exe.lnk
2007-12-01 22:32:16 237568 ----a-w- c:\program files\DupFinder.exe
2002-07-27 00:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2001-09-10 16:00:26 139264 ----a-w- c:\windows\inf\i386\Rtscan.dll
2001-09-10 15:10:36 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2001-08-18 01:43:24 32768 ----a-w- c:\windows\inf\i386\Wiamicro.dll
2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\usbscan.sys
2001-06-29 15:10:24 163840 ----a-w- c:\windows\inf\i386\viceo.dll
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-09-04 23:54:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 5:36:27.15 ===============


I tried running GMER which ran fine at first but then things started getting weird as it went. At first my windows theme settings reverted to windows classic instead of the default blue for XP. I figured it was just trying to optimize speed settings for the duration of the scan. But then after that happened I suddenly couldn't connect to the internet anymore, no sites would load at all. And then to top it all off not much longer after that my start bar disappeared entirely and I was unable to get it back. Similar to when you end the Explorer.exe task via task manager. I figured it would just keep scanning and revert to normal and let it run all night. But this morning my screen was just a black screen with nothing on it, no mouse cursor or anything just black, as if the screen were off. I tried pressing many keys and it wouldn't respond. So I was unable to save/retrieve any log from GMER. If GMER logs are necessary tell me how to proceed without such problems.

Thanks for the support I'll keep checking in.



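The DDS log above shows the autostart locations the random-named DLLs hook into (AppInit_DLLs, SSODL, STS and the LSA Notification Packages value) next to a "Created Last 30" section full of hidden+system DLLs in system32. As an added example that is not part of this thread, the Python script below parses those DDS line formats and flags the entries a responder would look at first; the sample log is constructed from lines posted above, and the `Finding` type and function names are this example's own.

```python
"""Flag persistence indicators in a DDS-style log excerpt (added example)."""
import re
from dataclasses import dataclass

SYSTEM32 = r"c:\windows\system32"
LSA_DEFAULT_PACKAGES = {"scecli"}  # the only notification package on a stock XP install

# "Created Last 30" lines: date time size attributes path, e.g.
# "2010-02-17 23:23:29 56832 --sha-w- c:\windows\system32\rovoyato.dll"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) ([-dshraw]{8}) (.+)$")

# Constructed sample, copied from the DDS line formats posted in this thread.
SAMPLE_LOG = r"""
AppInit_DLLs: c:\windows\system32\kulepive.dll,reranavu.dll
SSODL: woyojazat - {6d95d1ea-bca9-4984-901d-058f762abcf6} - No File
SSODL: zetudepar - {32354bcc-2f7e-4e7f-9d41-fde7e953d4f9} - c:\windows\system32\kulepive.dll
STS: mujuzedij: {32354bcc-2f7e-4e7f-9d41-fde7e953d4f9} - c:\windows\system32\kulepive.dll
LSA: Notification Packages = scecli rovoyato.dll

=============== Created Last 30 ================

2010-02-17 23:23:29 56832 --sha-w- c:\windows\system32\rovoyato.dll
2010-02-17 23:21:53 96768 --sha-w- c:\windows\system32\kulepive.dll
2010-02-13 16:43:53 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-13 23:49:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
"""


@dataclass
class Finding:
    kind: str    # DDS section / registry location that tripped
    reason: str  # why it matters to a responder
    paths: list  # lower-cased file paths involved


def _resolve(name):
    """Bare DLL names in AppInit_DLLs / LSA are loaded from system32."""
    name = name.strip().lower()
    return name if "\\" in name else SYSTEM32 + "\\" + name


def _hidden_system_dlls(lines):
    """Recently created files in system32 carrying both hidden and system attributes."""
    out = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4).lower()
        # leading 'd' marks a directory; 's' and 'h' are the system/hidden attributes
        if not attrs.startswith("d") and "s" in attrs and "h" in attrs \
                and path.startswith(SYSTEM32):
            out[path] = attrs
    return out


def analyse(log):
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    hidden = _hidden_system_dlls(lines)
    findings = []
    if hidden:
        findings.append(Finding("CreatedLast30",
                                "recently created DLLs in system32 with hidden+system attributes",
                                sorted(hidden)))
    for line in lines:
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:  # empty on a clean machine
                dlls = [_resolve(n) for n in re.split(r"[,\s]+", value) if n]
                findings.append(Finding("AppInit_DLLs",
                                        "DLLs injected into every process that maps user32.dll",
                                        dlls))
        elif line.startswith(("SSODL:", "STS:")):
            kind = line.split(":", 1)[0]
            target = line.rsplit(" - ", 1)[-1].strip().lower()
            if target == "no file":
                findings.append(Finding(kind, "orphaned shell object (key points at a missing file)", []))
            elif target in hidden:
                findings.append(Finding(kind, "shell object loads a recently created hidden+system DLL",
                                        [target]))
        elif line.startswith("LSA: Notification Packages"):
            packages = line.split("=", 1)[1].split()
            extra = [p for p in packages if p.lower() not in LSA_DEFAULT_PACKAGES]
            if extra:
                findings.append(Finding("LSA",
                                        "extra LSA notification package(s), loaded by lsass.exe at boot",
                                        [_resolve(p) for p in extra]))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}")
        for p in f.paths:
            print("    ", p)
```

Cross-referencing the registry entries against the hidden+system files created in the same window is what separates these entries from legitimate shell extensions, which DDS also lists.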

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:33 PM

Posted 19 February 2010 - 05:19 PM

Hi Mewten,

My name is Syler and I will be helping you to solve your Malware issues.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • OTL.txt
  • Extra.txt

Thanks



#5 Mewten

Mewten
  • Topic Starter

  • Members
  • 30 posts
  • Local time:01:33 PM

Posted 20 February 2010 - 01:56 AM

QUOTE(Mewten @ Feb 14 2010, 11:22 PM)
Alright so I'm terribly frustrated. I borrowed a laptop and upon attempting to browse the internet became frustrated by redirected google searches and the frequent popup. I also have been getting Internet Explorer errors saying it needs to close yet I'm not even running IE, I'm using FireFox. I tried getting MalwareBytes' Removal Tool as it has worked wonders in the past for me but I'm unable to get it to even run and it has an error at the end of the install. I tried making the setup file a bat and renaming the main .exe after installation to no avail. They had McAfee SecurityCenter installed but it hadn't been updated or had a scan done since November. So I updated it and ran a scan. It found 3 things. One that it quarantined and two that it allowed me to remove. Though this has not fixed my problem. So I downloaded HijackThis and renamed it and ran a quick scan. Here's the log I got...

...Thanks anyone who can help me.


As already mentioned, I previously tried installing Malwarebytes' Removal Tool but it won't finish installing. So I cannot run it despite every workaround method I've tried.

Here's a screenshot of the error just to show the error I'm getting:



Here is what OTL gave me:

OTL.txt:

OTL logfile created on: 2/19/2010 11:36:22 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Paul McCarl\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.70 Gb Total Space | 0.89 Gb Free Space | 2.48% Space Free | Partition Type: FAT32
Drive D: | 35.87 Gb Total Space | 20.45 Gb Free Space | 57.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIKE_UNTO_US
Current User Name: Paul McCarl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/19 23:14:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul McCarl\Desktop\OTL.exe
PRC - [2010/01/15 20:09:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/15 14:19:56 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/15 14:19:56 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 18:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/28 23:37:20 | 000,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/03/28 11:55:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/02/18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/01/11 19:54:32 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/05/14 16:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007/03/11 21:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/16 13:50:16 | 000,202,312 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/02/28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2005/05/03 22:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2005/03/28 13:52:08 | 000,360,448 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/10/07 23:43:12 | 000,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/10/07 19:50:52 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/09/08 20:51:10 | 000,106,496 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2004/06/09 14:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2003/12/17 09:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
PRC - [2001/09/10 08:08:40 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


========== Modules (SafeList) ==========

MOD - [2010/02/19 23:14:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul McCarl\Desktop\OTL.exe
MOD - [2010/02/19 19:52:46 | 000,100,352 | -HS- | M] () -- C:\WINDOWS\system32\fojawuka.dll
MOD - [2010/02/17 16:23:32 | 000,056,832 | -HS- | M] () -- C:\WINDOWS\system32\reranavu.dll
MOD - [2008/04/13 18:11:56 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/13 18:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2007/02/22 15:33:06 | 000,167,936 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\PrnTrack.dll
MOD - [2007/02/22 15:33:06 | 000,109,568 | ---- | M] (www.madshi.net) -- C:\WINDOWS\system32\MadCHook.dll
MOD - [2004/10/07 23:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0315891266105164mcinstcleanup) McAfee Application Installer Cleanup (0315891266105164)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/15 14:19:56 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/03/28 11:55:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/02/18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/04/23 11:43:54 | 000,310,008 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/04/23 11:43:54 | 000,166,648 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/04/23 11:43:46 | 001,010,424 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/04/22 20:29:34 | 000,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/04/22 20:29:32 | 000,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/02/28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/13 03:25:54 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/23 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/08 13:20:50 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/08 13:20:50 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/08 13:20:48 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/01/23 10:11:38 | 000,441,472 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinUsb.sys -- (PinnacleMarvinUsb)
DRV - [2007/01/18 10:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/11/07 19:02:04 | 000,022,272 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2006/11/06 18:04:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/07/28 01:25:02 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/10/18 14:17:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/05/09 00:22:00 | 000,334,016 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
DRV - [2005/05/09 00:22:00 | 000,028,224 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Silicon.sys -- (PhTVTune)
DRV - [2005/03/21 04:05:46 | 000,333,620 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 23:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/12/17 09:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/15 17:52:00 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2001/08/09 17:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)
DRV - [1999/06/30 02:49:10 | 000,023,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ppsio2.sys -- (ppsio2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\S-1-5-21-3114931810-2722823546-101498696-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\S-1-5-21-3114931810-2722823546-101498696-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&tab=nw&source=iglk"
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkalert.conlan@addons.mozilla.com:1.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: youplayer@addons.mozilla.org:0.9.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/09/10 07:17:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/09/10 07:17:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2007/09/10 07:44:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/03/27 13:03:28 | 000,000,000 | ---D | M]

[2008/09/01 20:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Extensions
[2007/09/10 07:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions
[2010/02/12 02:17:34 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2007/10/03 08:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/11/19 22:11:50 | 000,000,000 | ---D | M] (Dafizilla Table2Clipboard) -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2010/02/12 02:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2010/02/12 02:16:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/12 02:17:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/02/12 02:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\linkalert.conlan@addons.mozilla.com
[2008/04/29 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\moveplayer@movenetworks.com
[2009/11/19 22:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\savesession@noasobi.net
[2008/05/25 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\youplayer@addons.mozilla.org
[2007/09/10 07:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [rotatigov] C:\WINDOWS\System32\fojawuka.DLL ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Paul McCarl\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (DC & Co.)
O9 - Extra 'Tools' menuitem : iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (DC & Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\..Trusted Domains: compuserve.com ([]* is out of zone range - 5)
O15 - HKU\S-1-5-21-3114931810-2722823546-101498696-1004\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 6)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/get/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O20 - AppInit_DLLs: (reranavu.dll) - C:\WINDOWS\System32\reranavu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\fojawuka.dll) - C:\WINDOWS\system32\fojawuka.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: figujasan - {6a222a18-b936-41c7-a2bc-f9caa81541e9} - C:\WINDOWS\system32\fojawuka.dll ()
O21 - SSODL: woyojazat - {6d95d1ea-bca9-4984-901d-058f762abcf6} - CLSID or File not found.
O22 - SharedTaskScheduler: {6a222a18-b936-41c7-a2bc-f9caa81541e9} - gahurihor - C:\WINDOWS\system32\fojawuka.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/18 22:49:12 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/03/07 09:32:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/19 23:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul McCarl\Application Data\WinRAR
[2010/02/19 23:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul McCarl\Desktop\Adobe Photoshop CS3
[2010/02/19 23:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/19 23:14:48 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul McCarl\Desktop\OTL.exe
[2010/02/19 23:07:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/19 23:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/19 23:07:21 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/19 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 01:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul McCarl\Application Data\MilkShape 3D 1.x.x
[2010/02/13 16:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/13 11:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/02/13 09:46:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/13 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/13 09:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/13 09:43:53 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/13 09:43:53 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/02/13 09:43:53 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/13 09:43:52 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/13 09:43:51 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/02/13 09:43:51 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/12 21:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul McCarl\Application Data\MusE
[2010/02/12 21:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\MusE
[2010/02/12 21:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\MuseScore 0.9
[2010/02/12 14:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul McCarl\Application Data\Screaming Bee
[2010/02/08 17:05:57 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2008/04/05 00:01:45 | 000,237,568 | ---- | C] (Brooks Younce Software) -- C:\Program Files\DupFinder.exe
[2005/03/07 09:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/03/07 09:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/03/07 09:37:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/03/07 09:37:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/19 23:45:06 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\pekebiji
[2010/02/19 23:14:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul McCarl\Desktop\OTL.exe
[2010/02/19 23:00:06 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ezgjmmbm.job
[2010/02/19 22:54:26 | 000,000,391 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/02/19 19:52:46 | 000,100,352 | -HS- | M] () -- C:\WINDOWS\System32\fojawuka.dll
[2010/02/19 19:52:46 | 000,047,104 | -HS- | M] () -- C:\WINDOWS\System32\kokemabo.dll
[2010/02/19 15:50:24 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/02/19 15:50:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/19 15:47:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/19 15:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 15:47:18 | 1206,439,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 23:09:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\Desktop\gmer.zip
[2010/02/18 22:54:54 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\Desktop\dds.scr
[2010/02/18 22:07:24 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\gijareso.dll
[2010/02/18 22:07:06 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\sapayuse.dll
[2010/02/18 22:07:04 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\ganizoni.dll
[2010/02/18 22:07:04 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\fiyakuzu.dll
[2010/02/18 21:44:28 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\gubitahu.dll
[2010/02/18 21:44:22 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\yadihoni.dll
[2010/02/18 21:44:22 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\kujonuva.dll
[2010/02/18 21:43:44 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\zewadora.dll
[2010/02/18 21:43:44 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\zamivoru.dll
[2010/02/18 21:43:44 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\redonuta.dll
[2010/02/18 19:24:06 | 000,119,656 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/18 06:55:52 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/02/18 06:55:48 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Paul McCarl\NTUSER.DAT
[2010/02/18 06:55:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul McCarl\ntuser.ini
[2010/02/17 22:11:06 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\My Documents\Mid-term Examination - William McCarl.doc
[2010/02/17 18:37:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/17 16:23:32 | 000,056,832 | -HS- | M] () -- C:\WINDOWS\System32\rovoyato.dll
[2010/02/17 16:23:32 | 000,056,832 | -HS- | M] () -- C:\WINDOWS\System32\reranavu.dll
[2010/02/17 16:23:32 | 000,056,832 | -HS- | M] () -- C:\WINDOWS\System32\boyesofo.dll
[2010/02/17 16:22:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\kulepive.dll
[2010/02/17 16:21:56 | 000,066,048 | -HS- | M] () -- C:\WINDOWS\System32\yanulepi.dll
[2010/02/17 16:21:56 | 000,056,832 | -HS- | M] () -- C:\WINDOWS\System32\tuzatazo.dll
[2010/02/17 16:21:56 | 000,043,520 | -HS- | M] () -- C:\WINDOWS\System32\sohibesi.dll
[2010/02/16 00:38:08 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\vasidifu.dll
[2010/02/16 00:38:06 | 000,038,912 | -HS- | M] () -- C:\WINDOWS\System32\tebudati.dll
[2010/02/15 14:27:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/15 14:27:24 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/15 11:48:38 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/15 11:35:16 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/02/15 05:13:26 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\System32\vuhusihu.dll
[2010/02/15 05:13:26 | 000,038,912 | -HS- | M] () -- C:\WINDOWS\System32\jolefayu.dll
[2010/02/15 05:13:06 | 002,648,140 | -H-- | M] () -- C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\IconCache.db
[2010/02/15 04:26:00 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 04:25:06 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\zedozugu.dll
[2010/02/15 04:25:06 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\fupuvuyu.dll
[2010/02/15 04:11:10 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/02/15 04:01:18 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\telekena.dll
[2010/02/15 04:01:18 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\baguteja.dll
[2010/02/15 02:56:14 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\nuvebode.dll
[2010/02/15 02:56:14 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\gizehure.dll
[2010/02/15 02:33:38 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\tuvojeto.dll
[2010/02/15 02:33:38 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\suliweya.dll
[2010/02/15 02:11:04 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\ruperapi.dll
[2010/02/15 02:11:04 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\betipafe.dll
[2010/02/15 01:06:00 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\nezapivu.dll
[2010/02/15 01:06:00 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\jiwirido.dll
[2010/02/15 00:43:26 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\sonudodu.dll
[2010/02/15 00:43:26 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\dukotova.dll
[2010/02/15 00:20:52 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\buyetuza.dll
[2010/02/15 00:20:50 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\lowagaje.dll
[2010/02/14 23:56:50 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\vivodiha.dll
[2010/02/14 23:56:50 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\fikisezi.dll
[2010/02/14 23:34:08 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\hukodare.dll
[2010/02/14 23:31:08 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\vohetufa.dll
[2010/02/14 23:31:08 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\jazehode.dll
[2010/02/14 11:11:22 | 000,038,912 | -HS- | M] () -- C:\WINDOWS\System32\vatavude.dll
[2010/02/13 23:25:04 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\joretido.dll
[2010/02/13 23:25:04 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\falozogi.dll
[2010/02/13 23:02:30 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\tiwowugi.dll
[2010/02/13 23:02:30 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\ruhefife.dll
[2010/02/13 23:02:30 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\gejekoyu.dll
[2010/02/13 22:39:58 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\lululune.dll
[2010/02/13 22:39:58 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\litikene.dll
[2010/02/13 22:39:58 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\guvuzefo.dll
[2010/02/13 22:39:58 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\baporowo.dll
[2010/02/13 16:35:42 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\Desktop\Plants Vs Zombies.lnk
[2010/02/13 10:56:44 | 001,727,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/13 09:56:14 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\System32\kovibele.dll
[2010/02/13 09:56:14 | 000,038,912 | -HS- | M] () -- C:\WINDOWS\System32\gowidelo.dll
[2010/02/13 09:47:46 | 000,552,834 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/13 09:47:46 | 000,463,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/13 09:47:46 | 000,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/12 21:42:38 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\My Documents\Issues Paper #2.doc
[2010/02/12 21:42:08 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Paul McCarl\My Documents\Checks and Balances.doc
[2010/02/12 03:05:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/12 02:20:48 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 19:52:42 | 000,100,352 | -HS- | C] () -- C:\WINDOWS\System32\fojawuka.dll
[2010/02/19 19:52:42 | 000,047,104 | -HS- | C] () -- C:\WINDOWS\System32\kokemabo.dll
[2010/02/18 23:10:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Desktop\gmer.exe
[2010/02/18 23:09:35 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Desktop\gmer.zip
[2010/02/18 22:55:03 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Desktop\dds.scr
[2010/02/18 22:07:22 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\gijareso.dll
[2010/02/18 22:07:04 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\sapayuse.dll
[2010/02/18 22:07:02 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\ganizoni.dll
[2010/02/18 22:07:02 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\fiyakuzu.dll
[2010/02/18 21:44:26 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\gubitahu.dll
[2010/02/18 21:44:20 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\yadihoni.dll
[2010/02/18 21:44:20 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\kujonuva.dll
[2010/02/18 21:43:42 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\zewadora.dll
[2010/02/18 21:43:42 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\zamivoru.dll
[2010/02/18 21:43:42 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\redonuta.dll
[2010/02/17 19:04:10 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\My Documents\Mid-term Examination - William McCarl.doc
[2010/02/17 16:23:29 | 000,056,832 | -HS- | C] () -- C:\WINDOWS\System32\rovoyato.dll
[2010/02/17 16:23:29 | 000,056,832 | -HS- | C] () -- C:\WINDOWS\System32\reranavu.dll
[2010/02/17 16:23:29 | 000,056,832 | -HS- | C] () -- C:\WINDOWS\System32\boyesofo.dll
[2010/02/17 16:21:57 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ezgjmmbm.job
[2010/02/17 16:21:53 | 000,096,768 | -HS- | C] () -- C:\WINDOWS\System32\kulepive.dll
[2010/02/17 16:21:53 | 000,066,048 | -HS- | C] () -- C:\WINDOWS\System32\yanulepi.dll
[2010/02/17 16:21:53 | 000,056,832 | -HS- | C] () -- C:\WINDOWS\System32\tuzatazo.dll
[2010/02/17 16:21:53 | 000,043,520 | -HS- | C] () -- C:\WINDOWS\System32\sohibesi.dll
[2010/02/16 00:38:03 | 000,096,768 | -HS- | C] () -- C:\WINDOWS\System32\vasidifu.dll
[2010/02/16 00:38:03 | 000,038,912 | -HS- | C] () -- C:\WINDOWS\System32\tebudati.dll
[2010/02/15 05:13:23 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\vuhusihu.dll
[2010/02/15 05:13:23 | 000,038,912 | -HS- | C] () -- C:\WINDOWS\System32\jolefayu.dll
[2010/02/15 04:25:05 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\zedozugu.dll
[2010/02/15 04:25:05 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\fupuvuyu.dll
[2010/02/15 04:01:17 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\telekena.dll
[2010/02/15 04:01:17 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\baguteja.dll
[2010/02/15 02:56:11 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\nuvebode.dll
[2010/02/15 02:56:11 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\gizehure.dll
[2010/02/15 02:33:36 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\tuvojeto.dll
[2010/02/15 02:33:36 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\suliweya.dll
[2010/02/15 02:11:02 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\ruperapi.dll
[2010/02/15 02:11:02 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\betipafe.dll
[2010/02/15 01:05:57 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\nezapivu.dll
[2010/02/15 01:05:57 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\jiwirido.dll
[2010/02/15 00:43:24 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\sonudodu.dll
[2010/02/15 00:43:24 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\dukotova.dll
[2010/02/15 00:20:51 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\buyetuza.dll
[2010/02/15 00:20:48 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\lowagaje.dll
[2010/02/14 23:56:47 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\vivodiha.dll
[2010/02/14 23:56:47 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\fikisezi.dll
[2010/02/14 23:34:07 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\hukodare.dll
[2010/02/14 23:31:07 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\vohetufa.dll
[2010/02/14 23:31:07 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\jazehode.dll
[2010/02/14 11:11:19 | 000,038,912 | -HS- | C] () -- C:\WINDOWS\System32\vatavude.dll
[2010/02/13 23:25:02 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\joretido.dll
[2010/02/13 23:25:02 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\falozogi.dll
[2010/02/13 23:02:29 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\tiwowugi.dll
[2010/02/13 23:02:29 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\ruhefife.dll
[2010/02/13 23:02:29 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\gejekoyu.dll
[2010/02/13 22:39:56 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\lululune.dll
[2010/02/13 22:39:56 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\litikene.dll
[2010/02/13 22:39:56 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\guvuzefo.dll
[2010/02/13 22:39:56 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\baporowo.dll
[2010/02/13 16:35:41 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Desktop\Plants Vs Zombies.lnk
[2010/02/13 11:21:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/02/13 09:56:11 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\kovibele.dll
[2010/02/13 09:56:11 | 000,038,912 | -HS- | C] () -- C:\WINDOWS\System32\gowidelo.dll
[2010/02/13 09:49:58 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\pekebiji
[2010/02/13 09:47:32 | 000,260,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/12 21:42:37 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\My Documents\Issues Paper #2.doc
[2010/02/12 18:34:27 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\My Documents\Checks and Balances.doc
[2008/09/18 23:17:19 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\__FileUploader.log
[2008/09/18 23:09:09 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/09/18 22:49:10 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/09/18 22:49:10 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008/09/18 22:49:10 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/09/18 22:49:10 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/09/18 22:49:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008/05/18 17:00:50 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Application Data\AutoGK.ini
[2008/05/11 01:12:25 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008/05/10 22:30:33 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/05/10 22:29:56 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/04/08 21:26:29 | 000,000,077 | ---- | C] () -- C:\WINDOWS\mydebug.ini
[2008/04/08 21:07:30 | 000,023,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\ppsio2.sys
[2008/04/05 00:03:06 | 000,000,444 | ---- | C] () -- C:\Program Files\Shortcut to DupFinder.exe.lnk
[2008/03/31 11:10:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2008/03/28 12:11:19 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/01/01 14:02:57 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/01/01 14:02:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/10/27 09:26:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/21 21:48:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/17 14:43:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2007/09/17 14:41:26 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2007/09/10 08:09:32 | 000,000,391 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/09/10 07:58:48 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Application Data\$_hpcst$.hpc
[2007/07/25 07:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 05:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/13 13:35:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006/07/28 01:45:22 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006/01/31 13:51:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/31 13:51:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/31 13:51:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/31 13:51:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/31 13:51:27 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/31 13:51:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/12 22:11:31 | 000,000,063 | ---- | C] () -- C:\WINDOWS\freeplay.ini
[2006/01/08 17:49:09 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\fusioncache.dat
[2006/01/06 22:06:38 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/06 19:17:59 | 000,005,604 | ---- | C] () -- C:\WINDOWS\FORGE32.INI
[2006/01/01 00:44:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/12/13 00:02:05 | 000,002,222 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2005/10/23 17:35:36 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2005/10/23 17:35:05 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2005/10/23 17:35:05 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2005/10/23 17:35:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2005/10/23 17:35:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2005/10/23 17:34:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2005/10/23 05:30:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2005/10/20 08:43:35 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Paul McCarl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/18 14:35:22 | 000,185,414 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2005/10/18 14:21:15 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/08/12 14:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/03/09 12:05:18 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/07 10:28:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 10:22:22 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 10:22:21 | 000,000,321 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 10:13:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 10:12:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 10:12:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 10:12:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 10:05:39 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/03/07 10:05:24 | 000,201,667 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 10:00:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/07 10:00:19 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/07 09:53:38 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 09:44:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/11 15:16:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SDL_console.dll
[2002/11/06 15:42:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SDL_gfx.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/07 02:49:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\SDL.dll
[2002/05/20 05:12:50 | 000,258,048 | ---- | C] () -- C:\WINDOWS\SDL_mixer.dll
[2002/04/13 10:01:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\SDL_ttf.dll
[2002/04/13 10:01:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SDL_net.dll
[2002/04/13 10:00:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SDL_image.dll
[2002/02/07 10:43:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\sdl_sound.dll
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/03 18:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\in_flac.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/12 23:00:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
[2001/08/12 23:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2001/08/12 22:59:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/04/05 12:24:14 | 000,169,443 | ---- | C] () -- C:\WINDOWS\jpeg.dll
[2001/04/05 12:24:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\libpng1.dll
[2001/04/05 12:24:14 | 000,053,760 | ---- | C] () -- C:\WINDOWS\zlib.dll
[2001/04/04 18:33:50 | 000,209,920 | ---- | C] () -- C:\WINDOWS\smpeg.dll
[1997/10/11 21:00:00 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.dll
[1997/10/11 21:00:00 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.dll
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2004/08/25 23:29:12 | 000,266,843 | ---- | M] (Natl. Inst.of Stand.and Tech.) -- C:\nistime-32bit.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/09/04 16:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 16:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/09/04 16:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 16:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2005/06/06 14:02:38 | 000,028,789 | ---- | M] () MD5=36971E8ED4D19CC0A7051079B039C204 -- C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 18:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >

Extras.txt:

OTL Extras logfile created on: 2/19/2010 11:36:22 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Paul McCarl\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.70 Gb Total Space | 0.89 Gb Free Space | 2.48% Space Free | Partition Type: FAT32
Drive D: | 35.87 Gb Total Space | 20.45 Gb Free Space | 57.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIKE_UNTO_US
Current User Name: Paul McCarl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe" "%1" (Just Great Software)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP" = 6112:TCP:*:Enabled:6112
"6112:UDP" = 6112:UDP:*:Enabled:6112

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Setup.exe" = E:\Setup.exe:*:Enabled:Setup -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\palmOne\Hotsync.exe" = C:\Program Files\palmOne\Hotsync.exe:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
"D:\Program Files\Black Isle\BGII - SoA\BGMain.exe" = D:\Program Files\Black Isle\BGII - SoA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn -- File not found
"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"F:\Warcraft III\war3.exe" = F:\Warcraft III\war3.exe:*:Enabled:war3.exe -- File not found
"F:\Warcraft III\Warcraft III.exe" = F:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III.exe -- File not found
"F:\Warcraft III\Frozen Throne.exe" = F:\Warcraft III\Frozen Throne.exe:*:Enabled:Frozen Throne.exe -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0CE5EBD2-3058-4A82-A378-023AF36C9614}" = ActivePerl 5.8.7 Build 813
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}" = palmOne
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{585C97EA-9CFF-434A-8E38-A9132E393275}_is1" = Sony Eyetoy USB Webcam Drivers and Software
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}" = InterVideo WinDVR 3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{76BB7B2D-748F-4AE9-89C3-78C051833EA1}" = OpenOffice.org 2.0
"{7894A09D-E89E-4F37-97BC-B0711F8E3D69}" = Logger Pro 3.4.6
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C7704C6-5ABF-4BD1-8EF2-D52E4DBF0283}" = LDS Collectors Library 2005
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{ABE0FC9A-4357-4578-937B-601B44693C28}" = Molecular Weight Calculator
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}" = HP Photosmart and Deskjet 7.0 Software
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7-Zip" = 7-Zip 4.32
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.45
"AviSynth" = AviSynth 2.5
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"Big Free Clock" = Big Free Clock
"BitTorrent" = BitTorrent 4.4.1
"BlackBerry_{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2
"Chipamp" = Chipamp
"D-Link VGA Webcam" = D-Link VGA Webcam
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EditPad Lite" = JGsoft EditPad Lite 6.3.1
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17© (remove only)
"GridVista" = Acer GridVista
"GSview 4.7" = GSview 4.7
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inkscape" = Inkscape 0.42.2
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"Intel® JPEG Library 1.51" = Intel® JPEG Library 1.51
"iSiloX" = iSiloX
"KaraFun_is1" = KaraFun Studio 1.18
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Minimo" = Minimo
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MSC" = McAfee SecurityCenter
"MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton PC Checkup" = Norton PC Checkup
"OneTouch Version 3.0" = OneTouch Version 3.0
"Pac-Man for Pocket PC" = Pac-Man for Pocket PC (Remove Only)
"Pharos" = Pharos
"RIP Vinyl" = RIP Vinyl
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SDL_Perl" = SDL_Perl (remove only)
"ShockwaveFlash" = Macromedia Flash Player 8
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Skype_is1" = Skype 2.5
"Sound Forge" = Sound Forge 4.0 for Windows 95 and NT (x86)
"Starry Night Bundle Edition" = Starry Night Bundle Edition
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6c
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.8
"WinGTK-2_is1" = GTK+ 2.6.9 runtime environment
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3114931810-2722823546-101498696-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2010 8:27:13 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/19/2010 9:42:45 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/19/2010 9:51:38 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/19/2010 9:56:44 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/19/2010 10:06:29 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/20/2010 1:17:05 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/20/2010 1:45:06 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/20/2010 1:54:58 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/20/2010 2:10:00 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

Error - 2/20/2010 2:13:53 AM | Computer Name = LIKE_UNTO_US | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
module ieframe.dll, version 7.0.6000.16981, fault address 0x000c50a8.

[ System Events ]
Error - 2/15/2010 2:56:18 PM | Computer Name = LIKE_UNTO_US | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/15/2010 2:56:18 PM | Computer Name = LIKE_UNTO_US | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 2/15/2010 5:21:23 PM | Computer Name = LIKE_UNTO_US | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0014A41446FA has been denied by the DHCP server 192.168.1.2 (The DHCP Server
sent a DHCPNACK message).

Error - 2/15/2010 5:22:43 PM | Computer Name = LIKE_UNTO_US | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/16/2010 3:37:18 AM | Computer Name = LIKE_UNTO_US | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/17/2010 7:20:06 PM | Computer Name = LIKE_UNTO_US | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/17/2010 7:21:18 PM | Computer Name = LIKE_UNTO_US | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/18/2010 10:21:00 PM | Computer Name = LIKE_UNTO_US | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/18/2010 10:21:56 PM | Computer Name = LIKE_UNTO_US | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 2/18/2010 10:21:56 PM | Computer Name = LIKE_UNTO_US | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.


< End of report >


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:33 PM

Posted 20 February 2010 - 12:30 PM

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Link 1
    Link 2

    --------------------------------------------------------------------
  • Double click on Syler.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.

Edited by syler, 20 February 2010 - 12:30 PM.



#7 Mewten

Mewten
  • Topic Starter

  • Members
  • 30 posts
  • Local time:01:33 PM

Posted 21 February 2010 - 12:37 AM

Alright done. It ran just fine. I couldn't disable McAfee because it said it had finished updating and needed to restart before I could access the security center. I just went on with Combofix though. I updated it to the latest version and let it scan. While it was scanning McAfee apparently found a few trojans and removed them. And Combofix says it removed some things as well. With any luck I'm no longer infected.

Either way this virus has fought hard and I wouldn't be surprised to see it still around, so I'll let you know if anything comes up. I haven't really tried running Firefox much yet since this happened. I came directly here.

ComboFix 10-02-20.04 - Paul McCarl 02/20/2010 21:56:28.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.547 [GMT -7:00]
Running from: c:\documents and settings\Paul McCarl\Desktop\Syler.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\autorun.ini
c:\windows\system32\baguteja.dll
c:\windows\system32\baporowo.dll
c:\windows\system32\betipafe.dll
c:\windows\system32\buyetuza.dll
c:\windows\system32\dukotova.dll
c:\windows\system32\falozogi.dll
c:\windows\system32\fikisezi.dll
c:\windows\system32\fiyakuzu.dll
c:\windows\system32\fupuvuyu.dll
c:\windows\system32\ganizoni.dll
c:\windows\system32\gejekoyu.dll
c:\windows\system32\gijareso.dll
c:\windows\system32\gizehure.dll
c:\windows\system32\gubitahu.dll
c:\windows\system32\guvuzefo.dll
c:\windows\system32\hukodare.dll
c:\windows\system32\jazehode.dll
c:\windows\system32\jiwirido.dll
c:\windows\system32\joretido.dll
c:\windows\system32\kokemabo.dll
c:\windows\system32\kujonuva.dll
c:\windows\system32\kuyubuza.dll
c:\windows\system32\litikene.dll
c:\windows\system32\lowagaje.dll
c:\windows\system32\lululune.dll
c:\windows\system32\miperuwo.dll
c:\windows\system32\natavepo.dll.tmp
c:\windows\system32\nezapivu.dll
c:\windows\system32\nufiginu.dll.tmp
c:\windows\system32\nuvebode.dll
c:\windows\system32\redonuta.dll
c:\windows\system32\ruhefife.dll
c:\windows\system32\ruperapi.dll
c:\windows\system32\sapayuse.dll
c:\windows\system32\sonudodu.dll
c:\windows\system32\suliweya.dll
c:\windows\system32\telekena.dll
c:\windows\system32\tiwowugi.dll
c:\windows\system32\torazovi.dll
c:\windows\system32\tuvojeto.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\vivodiha.dll
c:\windows\system32\vohetufa.dll
c:\windows\system32\werihova.dll.tmp
c:\windows\system32\yadihoni.dll
c:\windows\system32\zamivoru.dll
c:\windows\system32\zedozugu.dll
c:\windows\system32\zewadora.dll
c:\windows\Tasks\ezgjmmbm.job
c:\windows\Temp\0200451266683622mcinst.exe
c:\windows\Temp\0293811266716584mcinst.exe
c:\windows\Uninstall.ini

----- BITS: Possible infected sites -----

hxxp://82.98.235.39
.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\windows\LastGood.Tmp
2010-02-21 01:28 . 2010-02-21 01:28 -------- d-----w- C:\FOUND.001
2010-02-20 23:29 . 2010-02-20 23:29 -------- d-----w- C:\FOUND.000
2010-02-20 06:07 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 06:07 . 2010-02-20 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-20 06:07 . 2010-02-20 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-20 06:07 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 02:52 . 2010-02-20 02:52 100352 --sha-w- c:\windows\system32\fojawuka.dll
2010-02-18 08:03 . 2010-02-18 08:03 -------- d-----w- c:\documents and settings\Paul McCarl\Application Data\MilkShape 3D 1.x.x
2010-02-14 05:14 . 2010-02-14 05:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2010-02-13 23:49 . 2010-02-13 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-13 18:21 . 2010-02-15 18:35 25 ----a-w- c:\windows\popcinfot.dat
2010-02-13 18:08 . 2010-02-13 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-02-13 16:47 . 2010-02-13 16:47 260824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-13 16:46 . 2010-02-13 16:46 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-13 16:46 . 2010-02-13 16:46 -------- d-----w- c:\program files\MSBuild
2010-02-13 16:46 . 2010-02-13 16:46 11264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\PSS28BC5.DLL
2010-02-13 16:46 . 2010-02-13 16:46 -------- d-----w- c:\program files\Reference Assemblies
2010-02-13 16:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-13 16:43 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-13 16:43 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-13 16:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-13 16:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-13 16:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-13 16:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-13 16:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-13 16:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-13 04:59 . 2010-02-13 04:59 -------- d-----w- c:\documents and settings\Paul McCarl\Application Data\MusE
2010-02-13 04:58 . 2010-02-13 04:58 -------- d-----w- c:\documents and settings\Paul McCarl\Local Settings\Application Data\MusE
2010-02-13 04:57 . 2010-02-13 04:57 -------- d-----w- c:\program files\MuseScore 0.9
2010-02-12 21:50 . 2010-02-12 21:50 -------- d-----w- c:\documents and settings\Paul McCarl\Application Data\Screaming Bee
2010-02-09 00:05 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 02:24 . 2005-10-18 23:17 119656 ----a-w- c:\documents and settings\Paul McCarl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 13:55 . 2005-03-07 17:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-15 18:48 . 2008-08-25 05:06 256 ----a-w- c:\windows\system32\pool.bin
2010-01-05 10:00 . 1980-01-01 07:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 1980-01-01 07:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 1980-01-01 07:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 1980-01-01 07:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2005-03-07 16:43 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 1980-01-01 07:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 1980-01-01 07:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 22:49 . 2009-12-01 22:49 34384 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-11-27 17:11 . 2004-08-04 07:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 1980-01-01 07:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 1980-01-01 07:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 07:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 1980-01-01 07:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 1980-01-01 07:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2008-04-05 07:03 . 2008-04-05 07:03 444 ----a-w- c:\program files\Shortcut to DupFinder.exe.lnk
2007-12-01 22:32 . 2008-04-05 07:01 237568 ----a-w- c:\program files\DupFinder.exe
2002-07-27 00:02 . 2008-09-19 06:09 153088 ----a-w- c:\program files\UNWISE.EXE
2006-05-03 10:06 . 2008-05-11 08:12 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-05-11 08:12 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-05-11 08:12 27648 --sh--w- c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-29 132392]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-24 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"SiSPower"="SiSPower.dll" [2005-02-26 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-10 49152]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 315392]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-09 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 202312]

c:\documents and settings\Paul McCarl\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-11 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-3-7 331776]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BlackBerry Desktop Redirector.lnk - c:\program files\Research In Motion\BlackBerry\Redirector.exe [2007-5-31 1319024]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP"= 6112:TCP:6112
"6112:UDP"= 6112:UDP:6112

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [4/8/2008 9:07 PM 23200]
S3 PhTVTune;Zurotech WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [1/31/2006 1:49 PM 28224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/1/2009 3:49 PM 34384]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-04 19:22]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-04 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&tab=nw&source=iglk
FF - plugin: c:\documents and settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
txtfile="c:\program files\JGsoft\EditPadLite\EditPadLite.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -

BHO-{083d825a-96da-4e2e-a6ad-519736841a15} - boyesofo.dll
HKLM-Run-rotatigov - c:\windows\system32\kuyubuza.dll
SharedTaskScheduler-{5e0ac2d8-7af9-4a1e-8bda-2c182bb624ef} - c:\windows\system32\kuyubuza.dll
SSODL-woyojazat-{6d95d1ea-bca9-4984-901d-058f762abcf6} - (no file)
SSODL-vojemoser-{5e0ac2d8-7af9-4a1e-8bda-2c182bb624ef} - c:\windows\system32\kuyubuza.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 22:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc28.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\WININET.dll
c:\progra~1\PHAROS~1\CORE\PRNTRACK.DLL
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\IEFRAME.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\eManager\anbmServ.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\Logi_MwX.Exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\PHAROS~1\CORE\CTSKMSTR.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\acer\eRecovery\Monitor.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
.
**************************************************************************
.
Completion time: 2010-02-20 22:24:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 05:24

Pre-Run: 1,008,664,576 bytes free
Post-Run: 1,059,979,264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AFBC0E273F7403D5E9F21805C71689FC


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:33 PM

Posted 21 February 2010 - 03:49 PM

Hi,

That looks better but you're not quite clean yet.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Collect::
c:\windows\system32\fojawuka.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"=-
"6112:UDP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also please try and run MBAM again and see if it will now work, then post back with the following.
  • Combofix.txt
  • Kaspersky report
  • MBAM log

Thanks

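The CFScript above removes two kinds of loading point that stand out in the ComboFix log: a Run value whose target ComboFix marked "[X]" (file not found) and two globally open firewall ports that carry no program name. The following is an added example, not code from this thread, from syler or from ComboFix; it parses the "Reg Loading Points" section of a ComboFix log and drafts the Registry:: block of a CFScript for exactly those two cases. The rule that a complete firewall entry has five colon-separated fields (port:proto:scope:Enabled:name) is an assumption of this example, and the sample log is constructed from lines that appear in the thread.

```python
"""
Added example, not code from the BleepingComputer thread, from syler or
from ComboFix itself: read the "Reg Loading Points" section of a ComboFix
log and draft the Registry:: part of a CFScript for the two kinds of entry
the helper removed above.  ComboFix tags a Run value whose target file it
cannot find with "[X]"; a globally open firewall port normally records
port:proto:scope:Enabled:name, so an entry with fewer fields has no program
name attached (that five-field rule is an assumption of this example).
"""
import re
from typing import Dict, List

# Constructed sample: two sections copied from the log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP"= 6112:TCP:6112
"6112:UDP"= 6112:UDP:6112
"""

RUN_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"
PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List]")

# "Name"="anything" [X]  -> ComboFix could not find the file the value points at
MISSING_FILE = re.compile(r'^"(?P<name>[^"]+)"=.*\[X\]$')
# "6112:TCP"= 6112:TCP:6112  -> value name, then the raw firewall string
PORT_VALUE = re.compile(r'^"(?P<name>\d+:(?:TCP|UDP))"=\s*(?P<value>.*)$')


def parse_loading_points(log_text: str) -> Dict[str, List[str]]:
    """Group the quoted value lines of the log under their [bracketed] key."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line
            sections.setdefault(current, [])
        elif current is not None and line.startswith('"'):
            sections[current].append(line)
    return sections


def find_missing_run_targets(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Run values (HKLM or HKCU) whose executable ComboFix flagged as absent."""
    found: Dict[str, List[str]] = {}
    for key, lines in sections.items():
        if not key.lower().endswith("\\currentversion\\run]"):
            continue
        names = [m.group("name") for m in map(MISSING_FILE.match, lines) if m]
        if names:
            found[key] = names
    return found


def find_unattributed_ports(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Globally open ports whose registry value carries no owning program name."""
    found: Dict[str, List[str]] = {}
    for key, lines in sections.items():
        if "globallyopenports" not in key.lower():
            continue
        names = []
        for line in lines:
            m = PORT_VALUE.match(line)
            # Assumption: a complete entry has port:proto:scope:Enabled:name.
            if m and len(m.group("value").split(":")) < 5:
                names.append(m.group("name"))
        if names:
            found[key] = names
    return found


def draft_cfscript(sections: Dict[str, List[str]]) -> str:
    """Emit a Registry:: block; "Name"=- is the .reg syntax for deleting a value."""
    entries = list(find_missing_run_targets(sections).items())
    entries += list(find_unattributed_ports(sections).items())
    if not entries:
        return ""
    out = ["Registry::"]
    for key, names in entries:
        out.append(key)
        out.extend(f'"{name}"=-' for name in names)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(parse_loading_points(SAMPLE_LOG)), end="")
```

Run against the constructed sample, the draft reproduces the Registry:: section of the script posted above (the "LaunchApp" value and both 6112 port entries, each followed by `=-`) while leaving the Synaptics Run entry and the ActiveSync port alone. The output is a draft for a human to review before it goes anywhere near ComboFix: an "[X]" entry can also be a leftover from an uninstalled program, and the port heuristic only says that nothing claimed the port, not what opened it.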


#9 Mewten

Mewten
  • Topic Starter

  • Members
  • 30 posts
  • Local time:01:33 PM

Posted 24 February 2010 - 01:03 AM

Alright good news! ComboFix found something new and deleted it. This time I had McAfee disabled. And Malwarebytes' Anti-Malware installed successfully. Here are my log files:

Combofix:

ComboFix 10-02-23.03 - Paul McCarl 02/23/2010 15:38:18.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.461 [GMT -7:00]
Running from: c:\documents and settings\Paul McCarl\Desktop\Syler.exe
Command switches used :: c:\documents and settings\Paul McCarl\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

file zipped: c:\windows\system32\fojawuka.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fojawuka.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-23 22:29 . 2010-02-23 22:29 -------- d-----w- c:\windows\LastGood
2010-02-23 22:23 . 2010-02-23 22:23 152576 ----a-w- c:\documents and settings\Paul McCarl\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-21 01:28 . 2010-02-21 01:28 -------- d-----w- C:\FOUND.001
2010-02-20 23:29 . 2010-02-20 23:29 -------- d-----w- C:\FOUND.000
2010-02-20 06:07 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 06:07 . 2010-02-20 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-20 06:07 . 2010-02-20 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-20 06:07 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 08:03 . 2010-02-18 08:03 -------- d-----w- c:\documents and settings\Paul McCarl\Application Data\MilkShape 3D 1.x.x
2010-02-14 05:14 . 2010-02-14 05:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2010-02-13 23:49 . 2010-02-13 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-13 18:21 . 2010-02-15 18:35 25 ----a-w- c:\windows\popcinfot.dat
2010-02-13 18:08 . 2010-02-13 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-02-13 16:46 . 2010-02-13 16:46 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-13 16:46 . 2010-02-13 16:46 -------- d-----w- c:\program files\MSBuild
2010-02-13 16:46 . 2010-02-13 16:46 11264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\PSS28BC5.DLL
2010-02-13 16:46 . 2010-02-13 16:46 -------- d-----w- c:\program files\Reference Assemblies
2010-02-13 16:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-13 16:43 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-13 16:43 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-13 16:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-13 16:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-13 16:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-13 16:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-13 16:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-13 16:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-13 04:59 . 2010-02-13 04:59 -------- d-----w- c:\documents and settings\Paul McCarl\Application Data\MusE
2010-02-13 04:58 . 2010-02-13 04:58 -------- d-----w- c:\documents and settings\Paul McCarl\Local Settings\Application Data\MusE
2010-02-13 04:57 . 2010-02-13 04:57 -------- d-----w- c:\program files\MuseScore 0.9
2010-02-12 21:50 . 2010-02-12 21:50 -------- d-----w- c:\documents and settings\Paul McCarl\Application Data\Screaming Bee
2010-02-09 00:05 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 22:23 . 2009-12-31 01:11 79488 ----a-w- c:\documents and settings\Paul McCarl\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-21 06:57 . 2005-03-07 17:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-19 02:24 . 2005-10-18 23:17 119656 ----a-w- c:\documents and settings\Paul McCarl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 18:48 . 2008-08-25 05:06 256 ----a-w- c:\windows\system32\pool.bin
2010-01-05 10:00 . 1980-01-01 07:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 1980-01-01 07:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 1980-01-01 07:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 1980-01-01 07:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2005-03-07 16:43 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 1980-01-01 07:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 1980-01-01 07:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 22:49 . 2009-12-01 22:49 34384 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-11-27 17:11 . 2004-08-04 07:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 1980-01-01 07:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 1980-01-01 07:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 07:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 1980-01-01 07:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 1980-01-01 07:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2008-04-05 07:03 . 2008-04-05 07:03 444 ----a-w- c:\program files\Shortcut to DupFinder.exe.lnk
2007-12-01 22:32 . 2008-04-05 07:01 237568 ----a-w- c:\program files\DupFinder.exe
2002-07-27 00:02 . 2008-09-19 06:09 153088 ----a-w- c:\program files\UNWISE.EXE
2006-05-03 10:06 . 2008-05-11 08:12 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-05-11 08:12 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-05-11 08:12 27648 --sh--w- c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-29 132392]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-24 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"SiSPower"="SiSPower.dll" [2005-02-26 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-10 49152]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 315392]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-09 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 202312]

c:\documents and settings\Paul McCarl\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-11 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-3-7 331776]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BlackBerry Desktop Redirector.lnk - c:\program files\Research In Motion\BlackBerry\Redirector.exe [2007-5-31 1319024]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [4/8/2008 9:07 PM 23200]
S2 0067911266729735mcinstcleanup;McAfee Application Installer Cleanup (0067911266729735);c:\windows\TEMP\006791~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\006791~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 PhTVTune;Zurotech WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [1/31/2006 1:49 PM 28224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/1/2009 3:49 PM 34384]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0067911266729735MCINSTCLEANUP
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-04 19:22]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-04 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&tab=nw&source=iglk
FF - plugin: c:\documents and settings\Paul McCarl\Application Data\Mozilla\Firefox\Profiles\pr952ioy.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 15:50
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc28.tmp"
.
Completion time: 2010-02-23 15:52:50
ComboFix-quarantined-files.txt 2010-02-23 22:52
ComboFix2.txt 2010-02-21 05:24

Pre-Run: 409,927,680 bytes free
Post-Run: 561,348,608 bytes free

- - End Of File - - B191DDAD05D0DAE525309E5F23366A09
Upload was successful

----------------

MBAM LOG:

Malwarebytes' Anti-Malware 1.44
Database version: 3781
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/23/2010 4:16:58 PM
mbam-log-2010-02-23 (16-16-57).txt

Scan type: Quick Scan
Objects scanned: 134152
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------

I'll post the Kaspersky log tomorrow. It's gone 2 hours and has only hit 33%, so I'll let it run overnight.


#10 syler


Posted 24 February 2010 - 12:29 PM

Great, that's looking OK. I will await the Kaspersky report.



#11 Mewten


Posted 24 February 2010 - 07:38 PM

Alright, I'll just tell you what I got from Kaspersky. It got to 50% last night and had found nothing. But I went to bed after that point, and when I awoke my computer had restarted, so I assume it was a forced Windows Update, the kind that says your computer will reboot in 15 minutes unless you click a button. So I tried again today but on Critical areas because I thought it might be faster. But it got to 6% after an hour and froze. It's been an hour since then and its time counter and percentage haven't moved. It said it didn't find anything in that 6%. The only reason I can think of for it stopping is because this laptop is using wireless internet and I don't have anywhere to hook it up to a wired connection. My internet is DSL so that may be the cause of it going so slow. Either way it seems everything else has found my PC clean. It may just be safe to say I'm clean now and move on to helping someone else.

I appreciate all the help you've given me. I'll keep trying to run the scan though.

#12 syler


Posted 24 February 2010 - 07:44 PM

Kaspersky can be like this sometimes. Can you run DDS again and post the log for one last check?



#13 Mewten


Posted 25 February 2010 - 01:15 AM

Alrighty well here you go:

DDS.txt:


DDS (Ver_09-12-01.01) - FAT32x86
Run by Paul McCarl at 23:09:19.71 on Wed 02/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.410 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\PHAROS~1\CORE\CTSKMSTR.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul McCarl\Desktop\dds.scr
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\windows\system32\Check.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
StartupFolder: c:\docume~1\paulmc~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blackb~1.lnk - c:\program files\research in motion\blackberry\Redirector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - {628A3E94-1B5F-48c1-9487-71082189C019} - c:\program files\isilo\isilox\iSiloXIE.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paulmc~1\applic~1\mozilla\firefox\profiles\pr952ioy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&tab=nw&source=iglk
FF - plugin: c:\documents and settings\paul mccarl\application data\mozilla\firefox\profiles\pr952ioy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-4 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-25 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-4 144704]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-4-8 23200]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-4 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-4 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-4 40552]
S2 0067911266729735mcinstcleanup;McAfee Application Installer Cleanup (0067911266729735);c:\windows\temp\006791~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\006791~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-4 34248]
S3 PhTVTune;Zurotech WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [2006-1-31 28224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]

============== File Associations ===============

txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"

=============== Created Last 30 ================

2010-02-25 01:12:52 0 d-----w- c:\docume~1\paulmc~1\applic~1\HorizonWimba
2010-02-25 00:42:06 0 d-sh--w- c:\documents and settings\paul mccarl\IETldCache
2010-02-24 22:49:17 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-24 22:47:42 0 d-----w- c:\windows\ie8updates
2010-02-24 22:45:30 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-24 22:45:30 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-24 22:37:50 0 d--h--w- c:\windows\ie8
2010-02-24 07:01:18 0 d-sh--w- C:\Recycled
2010-02-23 23:29:52 0 d-----w- c:\program files\Sun
2010-02-23 23:03:08 0 d-----w- c:\docume~1\paulmc~1\applic~1\Malwarebytes
2010-02-21 16:05:22 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-02-21 04:53:51 0 d-sha-r- C:\cmdcons
2010-02-21 04:42:16 77312 ----a-w- c:\windows\MBR.exe
2010-02-21 04:42:11 261632 ----a-w- c:\windows\PEV.exe
2010-02-21 04:42:10 98816 ----a-w- c:\windows\sed.exe
2010-02-21 04:42:10 161792 ----a-w- c:\windows\SWREG.exe
2010-02-21 01:28:06 0 d-----w- C:\FOUND.001
2010-02-20 23:29:16 0 d-----w- C:\FOUND.000
2010-02-20 06:07:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 06:07:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-20 06:07:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 06:07:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 08:03:28 0 d-----w- c:\docume~1\paulmc~1\applic~1\MilkShape 3D 1.x.x
2010-02-13 23:49:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-13 18:21:39 25 ----a-w- c:\windows\popcinfot.dat
2010-02-13 18:08:01 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2010-02-13 16:49:58 6456 ---ha-w- c:\windows\system32\pekebiji
2010-02-13 16:46:52 0 d-----w- c:\windows\system32\XPSViewer
2010-02-13 16:43:53 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-13 16:43:53 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-13 16:43:53 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-13 16:43:52 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-13 16:43:52 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-13 16:43:51 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-13 16:43:51 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-13 04:59:21 0 d-----w- c:\docume~1\paulmc~1\applic~1\MusE
2010-02-13 04:57:25 0 d-----w- c:\program files\MuseScore 0.9
2010-02-12 21:50:40 0 d-----w- c:\docume~1\paulmc~1\applic~1\Screaming Bee
2010-02-09 00:05:57 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-02-23 23:29:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-05 10:00:22 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2009-12-31 16:50:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:04 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-21 19:14:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:06 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:06 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:04 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:04 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:04 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:28 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:28 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:24 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:24 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:52 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:52 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:16 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:52 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:36 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:36 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2008-04-05 07:03:08 444 ----a-w- c:\program files\Shortcut to DupFinder.exe.lnk
2007-12-01 22:32:16 237568 ----a-w- c:\program files\DupFinder.exe
2002-07-27 00:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2001-09-10 16:00:26 139264 ----a-w- c:\windows\inf\i386\Rtscan.dll
2001-09-10 15:10:36 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2001-08-18 01:43:24 32768 ----a-w- c:\windows\inf\i386\Wiamicro.dll
2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\usbscan.sys
2001-06-29 15:10:24 163840 ----a-w- c:\windows\inf\i386\viceo.dll
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-09-04 23:54:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 23:11:17.37 ===============
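As an added example (not code from the thread, from DDS or from its author), here is a short Python script that walks a DDS log like the one above and lists every Java 6 update it references, flagging the ones older than the newest present; the sample lines are constructed from the log above, and the section labels in the report are my own naming.

```python
"""Find leftover Java 6 runtimes in a DDS log.

Added example, not code from the thread or from the DDS tool. A Java 6
"Update NN" shows up in a DDS report in three places: ActiveX DPF lines
pointing at jinstall-1_6_0_NN cab files, Firefox Java Console extension
ids of the form {CAFEEFAC-0016-0000-00NN-ABCDEFFEDCBA}, and jre1.6.0_NN
paths in Run keys and the running-process list. Every update older than
the newest one still registers itself as a browser plugin, which is why
a helper asks for the old ones to be cleaned up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

CAB_RE = re.compile(r"jinstall-1_6_0_(\d+)-windows", re.IGNORECASE)
CLSID_RE = re.compile(r"\{CAFEEFAC-0016-0000-00(\d{2})-ABCDEFFEDCBA\}", re.IGNORECASE)
PATH_RE = re.compile(r"jre1\.6\.0_(\d+)\\", re.IGNORECASE)


@dataclass
class JavaReport:
    seen: dict[int, set[str]]   # update number -> DDS sections that reference it
    newest: int | None
    stale: list[int]            # updates older than `newest`, ascending


def _source(line: str) -> str:
    """Label the DDS section a line belongs to (labels are my own naming)."""
    if line.startswith("DPF:"):
        return "DPF (ActiveX)"
    if line.startswith("FF - "):
        return "Firefox extension"
    if re.match(r"[mu]Run:", line):
        return "Run key"
    if re.match(r"[A-Za-z]:\\", line):
        return "running process"
    return "other"


def find_java_updates(log: str) -> JavaReport:
    """Collect every Java 6 update number referenced anywhere in `log`."""
    seen: dict[int, set[str]] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        label = _source(line)
        for pattern in (CAB_RE, CLSID_RE, PATH_RE):
            for match in pattern.finditer(line):
                seen.setdefault(int(match.group(1)), set()).add(label)
    newest = max(seen) if seen else None
    stale = sorted(u for u in seen if newest is not None and u < newest)
    return JavaReport(seen=seen, newest=newest, stale=stale)


def format_report(report: JavaReport) -> str:
    """Render the findings as text: one line per update, stale ones flagged."""
    if report.newest is None:
        return "no Java 6 runtimes referenced"
    out = [f"newest Java 6 update referenced: 1.6.0_{report.newest:02d}"]
    for update in sorted(report.seen):
        where = ", ".join(sorted(report.seen[update]))
        flag = "STALE" if update in report.stale else "ok   "
        out.append(f"  {flag} 1.6.0_{update:02d}  via {where}")
    return "\n".join(out)


# Constructed sample: a handful of lines copied from the DDS log in the thread.
SAMPLE_DDS = r"""
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
"""

if __name__ == "__main__":
    print(format_report(find_java_updates(SAMPLE_DDS)))
```

The {CAFEEFAC-FFFF-FFFF-FFFF-...} entry is Sun's "latest installed" family id and is deliberately not counted as a version of its own; its cab URL still contributes update 18.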


#14 syler


Posted 25 February 2010 - 04:25 PM

That looks fine, although you still have some older versions of Java installed; you can use JavaRa to clean these up.


Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.


Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates, click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I cannot stress how important it is that you use a third party firewall on your computer. Without a firewall your computer is
susceptible to being hacked and taken over. Windows Firewall is good for blocking inbound connections but it does not block
outbound connections. So if malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recommend; only install one of these.

Zone Alarm
Comodo. Note: only install the firewall as a standalone if you already have an antivirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler

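The MVPS HOSTS file recommended above works by mapping unwanted hostnames to a null or loopback address, and the same file is also a classic place for a hijacker to plant the opposite kind of entry (a search engine or security vendor name pointed at an address the attacker controls). The script below is an added example, not code from the thread, from BleepingComputer or from the MVPS project: it parses a hosts file, counts how many names are sunk to 0.0.0.0/127.0.0.1, and lists every entry that sends a name somewhere other than the local machine, marking those whose names are on a short, illustrative watch list. The sample file, the watch list and the name `audit_hosts` are all constructed for this example; the XP hosts path in the comment is the standard system location.

```python
"""Audit a Windows-style HOSTS file for block entries and suspicious redirects.

Added example, not from the forum thread. On Windows XP the live file is
c:\\windows\\system32\\drivers\\etc\\hosts; the demo below runs on a constructed
sample so it works offline.
"""
import ipaddress

# Illustrative watch list (assumption): names whose redirection would matter to a
# user who is seeing search-engine redirects or cannot reach AV update sites.
WATCHLIST = (
    "google.com",
    "microsoft.com",
    "windowsupdate.com",
    "mcafee.com",
    "malwarebytes.org",
)

# Constructed sample hosts file, NOT a real or recommended one. 192.0.2.0/24 is
# the documentation range, so nothing here points at a real host.
SAMPLE_HOSTS = """\
# Constructed sample for the audit example
127.0.0.1       localhost
0.0.0.0   ad.doubleclick.net        # typical block-list style entry
0.0.0.0   www.example-tracker.test
127.0.0.1 badbanner.example
192.0.2.10  www.google.com          # NOT a block: this is a redirect
192.0.2.10  mcafee.com
10.0.0.5    intranet.corp.example   # legitimate internal mapping
"""


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) mappings.

    Comments (after '#') and blank lines are skipped; a line whose first field
    is not an IP address is ignored rather than raising, since real hosts files
    accumulate junk over the years.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((str(addr), host.lower(), line_no))
    return entries


def _on_watchlist(host):
    """True if host is a watch-list name or a subdomain of one."""
    return any(host == w or host.endswith("." + w) for w in WATCHLIST)


def audit_hosts(text):
    """Split hosts entries into block entries and redirects.

    A mapping to 0.0.0.0 (unspecified) or 127.x (loopback) blocks the name, so
    those are counted; 'localhost' itself is the one loopback mapping that is
    expected rather than a block. Anything mapped elsewhere is reported as a
    redirect, because a hosts file cannot do that legitimately for a public name.
    """
    blocked = 0
    redirects = []
    for ip, host, line_no in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified or addr.is_loopback:
            if host not in ("localhost", "localhost.localdomain"):
                blocked += 1
        else:
            redirects.append(
                {"line": line_no, "host": host, "ip": ip, "watchlist": _on_watchlist(host)}
            )
    return {"blocked": blocked, "redirects": redirects}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{result['blocked']} name(s) blocked")
    for r in result["redirects"]:
        flag = "WATCHLIST" if r["watchlist"] else "check"
        print(f"line {r['line']}: {r['host']} -> {r['ip']} [{flag}]")
```

To audit the real file, read it with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `audit_hosts`. Block entries are the normal content of a list like the MVPS file and need no attention; any redirect that the owner did not add deliberately (an internal intranet mapping is the usual legitimate case) is what to remove, since a hijacked hosts file will make a browser land on the attacker's address no matter which search engine or update site was typed.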


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 26 February 2010 - 08:54 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





