
Infected with Antivirus suite virus


  • This topic is locked
10 replies to this topic

#1 clarkmccall

clarkmccall

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 02 April 2010 - 12:57 AM

I am running Win XP on my 5 year old computer. No problems before this. But yesterday I got what appears to be the ransomware program that puts up warnings about files being infected and interferes with other programs. I followed the posted instructions for removing this (run rkill.exe, then malwarebytes anti-malware). What happened for me was that rkill appeared to run, at least one time, but Anti-malware will not run. It appears that the virus is not being stopped by rkill and is active enough to prevent Anti-malware from running. I just tried this again with the same results. Here is the DDS log. I tried to get a gmer log, but while I had it running once and stopped it, now it won't run due to the virus interfering with it. Any advice? Is someone working on a more effective version of rkill?


DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 0:28:51.95 on Fri 04/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.532 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\SSC Service Utility\SSC Service Utility\ssc_serv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\palm\Hotsync.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [SSC Service Utility] c:\program files\ssc service utility\ssc service utility\ssc_serv.exe /s
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [DataMngr] c:\program files\imesh applications\mediabar\datamngr\DataMngrUI.exe
mRun: [uediqgfw] c:\documents and settings\linda\local settings\application data\maimpdhqs\jhapowhtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dyndns~1.lnk - c:\program files\dyndns updater\DynTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/42.20/uploader2.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\35pfou4u.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-31 217032]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-31 112592]
R2 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2008-6-23 65536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-12 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-12 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-12 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-12 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-12 35272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-12 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-12 40552]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2006-9-24 131776]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2006-9-1 28928]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-12 606736]

=============== Created Last 30 ================

2010-04-02 00:25:38 98816 ----a-w- c:\windows\sed.exe
2010-04-02 00:25:38 77312 ----a-w- c:\windows\MBR.exe
2010-04-02 00:25:38 261632 ----a-w- c:\windows\PEV.exe
2010-04-02 00:25:38 161792 ----a-w- c:\windows\SWREG.exe
2010-04-02 00:25:28 0 d-----w- C:\ComboFix
2010-04-01 02:09:55 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-01 02:09:55 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-01 02:09:45 0 d-----w- c:\program files\Spyware Doctor
2010-04-01 02:09:45 0 d-----w- c:\program files\common files\PC Tools
2010-04-01 02:09:45 0 d-----w- c:\docume~1\compaq~1\applic~1\PC Tools
2010-04-01 02:09:45 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-01 01:35:32 0 d-----w- c:\docume~1\compaq~1\applic~1\imeshmediabartb
2010-03-28 16:50:35 0 d-----w- c:\docume~1\alluse~1\applic~1\23BB
2010-03-22 02:46:35 0 d-----w- c:\docume~1\alluse~1\applic~1\23369
2010-03-14 22:06:26 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cac3c297118ee4.mof
2010-03-14 21:32:50 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-03-14 21:32:50 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-03-14 01:39:09 4169728 ----a-r- c:\windows\system32\cdintf400.dll
2010-03-14 01:38:57 0 d-----w- c:\program files\Final Draft Tagger
2010-03-14 01:38:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Final Draft
2010-03-14 01:38:45 0 d-----w- c:\program files\Final Draft 8
2010-03-10 23:38:38 50 ----a-w- c:\windows\cdplayer.ini
2010-03-10 23:09:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 13:48:08 0 d-----w- c:\program files\DVDFab 6
2010-03-10 13:28:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

==================== Find3M ====================

2010-03-22 02:45:51 52732 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 15:36:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-05 13:17:56 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-22 13:56:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-22 13:56:24 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-22 13:56:24 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-22 13:55:54 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-24 05:48:56 389632 ----a-w- c:\program files\capture.exe
2007-12-31 14:42:51 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-10-17 18:44:54 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-12 04:17:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071220090713\index.dat

============= FINISH: 0:29:57.26 ===============
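The DDS log above is read by hand in this thread, but the checks a helper applies to it are mechanical. The script below is an added example, not part of this thread, of DDS, or of BleepingComputer's tooling: it walks a DDS log and flags the things a responder looks for first, an autorun entry or running process living under a user's Local Settings\Application Data or Temp folder (as the `maimpdhqs\jhapowhtssd.exe` entry does here), an Internet Explorer proxy pointed at 127.0.0.1 (as the second DDS log later in the thread shows with `http=127.0.0.1:5555`), real-time protection reported as disabled, and more than one antivirus product registered. The sample log text is constructed from shortened lines in the shape of the logs posted above; the function and regex names are my own.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category detail")

# Constructed sample in the shape of the DDS logs posted in this thread
# (paths and header lines shortened; the flagged entries mirror the real ones).
SAMPLE_DDS = r"""
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe
C:\Program Files\iTunes\iTunesHelper.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [uediqgfw] c:\documents and settings\linda\local settings\application data\maimpdhqs\jhapowhtssd.exe
"""

# "mRun: [name] target" / "uRun: [name] target" lines from the Pseudo HJT Report.
AUTORUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<target>.+)$", re.IGNORECASE)

# Per-user locations any process can write to. Legitimate XP software rarely
# autostarts from here; rogue security software very commonly does. Both the
# long and the 8.3 (docume~1, applic~1) forms DDS prints are accepted.
USER_WRITABLE_RE = re.compile(
    r"\\(?:documents and settings|docume~1)\\[^\\]+\\"
    r"(?:(?:local settings|locals~1)\\)?(?:application data|applic~1|temp)\\",
    re.IGNORECASE,
)

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$", re.IGNORECASE)
# "AV: <product> *<state>* ..." and "FW: <product> *<state>* ..." header lines.
PROTECTION_RE = re.compile(r"^(?P<kind>AV|FW):\s*(?P<product>.+?)\s*\*(?P<state>[^*]+)\*")
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")


def triage_dds(text):
    """Return the list of Findings a responder would want called out in a DDS log."""
    findings = []
    av_products = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        m = PROTECTION_RE.match(line)
        if m:
            if m.group("kind") == "AV":
                av_products.append(m.group("product"))
            if "disabled" in m.group("state").lower():
                findings.append(Finding("protection-disabled",
                                        f"{m.group('kind')}: {m.group('product')}: {m.group('state')}"))
            continue
        if section == "running processes":
            if USER_WRITABLE_RE.search(line):
                findings.append(Finding("process-in-user-profile", line))
            continue
        if section == "pseudo hjt report":
            m = PROXY_RE.match(line)
            if m and re.search(r"127\.0\.0\.1|localhost", m.group("value")):
                # A loopback proxy is how rogue AV families intercept browsing;
                # unless the user set one up deliberately, treat it as hostile.
                findings.append(Finding("loopback-proxy", m.group("value")))
                continue
            m = AUTORUN_RE.match(line)
            if m and USER_WRITABLE_RE.search(m.group("target")):
                findings.append(Finding("autorun-in-user-profile",
                                        f"[{m.group('name')}] {m.group('target')}"))
    if len(av_products) > 1:
        # Two resident scanners fight over file access; the thread's helper asks
        # for one of them to be removed for exactly this reason.
        findings.append(Finding("multiple-av", "; ".join(av_products)))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f.category:26} {f.detail}")
```

Run it against a full DDS log by reading the file into `triage_dds`; the heuristics are location-based rather than name-based on purpose, since the folder and file names in this family are randomly generated and a signature on `jhapowhtssd.exe` would be useless on the next machine.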



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:20 PM

Posted 06 April 2010 - 12:23 PM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Spyware Doctor or McAfee.




Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application. (If you still can't get it to run try renaming it to anything.exe)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen:
    • Sections
    • IAT/EAT
    • Files
    • Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • MBAM log
  • Gmer log
  • New DDS log

Thanks



#3 clarkmccall

clarkmccall
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 10 April 2010 - 06:56 PM

Hi Syler,
Here are the logs as requested. Thanks for the help. I know you are busy.
Clark

Here is the MBAM log.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/10/2010 4:16:05 PM
mbam-log-2010-04-10 (16-16-05).txt

Scan type: Quick scan
Objects scanned: 157145
Time elapsed: 28 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

End of MBAM log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-10 16:53:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kfdoqpoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF33F978A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF33F9738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF33F974C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF33F97CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF33F9710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF33F9724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF33F979E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF33F9776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF33F9762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF33F97F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF33F97E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF33F97B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{64ED9138-F6D6-D13C-72F8-76D0C8D26E76}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{64ED9138-F6D6-D13C-72F8-76D0C8D26E76}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{64ED9138-F6D6-D13C-72F8-76D0C8D26E76}\InprocServer32@ C:\WINDOWS\system32\scrobj.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{64ED9138-F6D6-D13C-72F8-76D0C8D26E76}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{64ED9138-F6D6-D13C-72F8-76D0C8D26E76}\ProgID@ ScriptletHandler.Behavior
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

DDS log follows.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 16:54:16.75 on Sat 04/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.569 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SSC Service Utility\SSC Service Utility\ssc_serv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\palm\Hotsync.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [SSC Service Utility] c:\program files\ssc service utility\ssc service utility\ssc_serv.exe /s
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [DataMngr] c:\program files\imesh applications\mediabar\datamngr\DataMngrUI.exe
mRun: [uediqgfw] c:\documents and settings\linda\local settings\application data\maimpdhqs\jhapowhtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dyndns~1.lnk - c:\program files\dyndns updater\DynTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/42.20/uploader2.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\35pfou4u.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2008-6-23 65536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-12 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-12 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-12 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-12 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-12 35272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-12 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-12 40552]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2006-9-24 131776]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2006-9-1 28928]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-12 606736]

=============== Created Last 30 ================

2010-04-10 17:34:31 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-04-10 17:10:52 0 d-----w- c:\docume~1\compaq~1\applic~1\HpUpdate
2010-04-02 05:38:47 0 d-----w- c:\program files\2
2010-04-02 05:22:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 05:22:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-02 05:22:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 05:22:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 01:35:32 0 d-----w- c:\docume~1\compaq~1\applic~1\imeshmediabartb
2010-03-28 16:50:35 0 d-----w- c:\docume~1\alluse~1\applic~1\23BB
2010-03-22 02:46:35 0 d-----w- c:\docume~1\alluse~1\applic~1\23369
2010-03-14 22:06:26 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cac3c297118ee4.mof
2010-03-14 21:32:50 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-03-14 21:32:50 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-03-14 01:39:09 4169728 ----a-r- c:\windows\system32\cdintf400.dll
2010-03-14 01:38:57 0 d-----w- c:\program files\Final Draft Tagger
2010-03-14 01:38:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Final Draft
2010-03-14 01:38:45 0 d-----w- c:\program files\Final Draft 8

==================== Find3M ====================

2010-03-22 02:45:51 52732 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 13:48:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-24 05:48:56 389632 ----a-w- c:\program files\capture.exe
2007-12-31 14:42:51 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-10-17 18:44:54 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-12 04:17:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071220090713\index.dat

============= FINISH: 16:55:06.89 ===============




#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:20 PM

Posted 11 April 2010 - 08:31 AM

Hi Clark,

Your logs don't look too bad, just a few bits there that we can clean up.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    pci.sys
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
  • mbr.log

Thanks



#5 clarkmccall

clarkmccall
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:20 AM

Posted 14 April 2010 - 09:25 PM

Ok. Here are the OTL, MBR logs.

When I ran the otl, I got an error box that said "Windows- No Disk; Exception Processing Message c000000013 Parameters 75b6b7c...[addl hex digits here]", with a choice of cancel, try again, or continue. I chose continue and the error box came up a few more times. I pushed continue each time and it then continued.

Thanks again.

OTL logfile created on: 4/14/2010 9:55:24 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Clark\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 568.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 71.66 Gb Free Space | 31.89% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.53 Gb Free Space | 6.46% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 3.81 Gb Total Space | 3.15 Gb Free Space | 82.54% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ-1
Current User Name: Clark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/14 21:50:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clark\Desktop\OTL.exe
PRC - [2009/12/17 13:33:46 | 000,184,752 | ---- | M] () -- C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/08/05 11:37:58 | 012,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/26 18:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/04/05 12:41:52 | 000,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
PRC - [2008/07/07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/23 15:04:22 | 000,065,536 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2008/06/23 15:04:20 | 000,086,016 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/10/09 13:55:58 | 000,665,600 | ---- | M] (SSC Localization Group) -- C:\Program Files\SSC Service Utility\SSC Service Utility\ssc_serv.exe
PRC - [2007/06/04 21:59:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/07 19:28:58 | 000,589,824 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2006/05/04 23:07:57 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/08/26 21:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palm\Hotsync.exe
PRC - [2002/08/30 13:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 21:50:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clark\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DynDNS_Updater_Service)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/07/07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/06/23 15:04:22 | 000,065,536 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/05/07 19:28:58 | 000,589,824 | ---- | M] (TightVNC Group) [Auto | Running] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/22 19:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/09 14:23:02 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/05 12:12:46 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/07/09 15:49:02 | 000,444,800 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/07/23 10:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 10:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 10:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/02 21:25:06 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2006/03/08 09:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/25 12:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/24 15:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/02 17:49:46 | 000,028,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2005/06/17 02:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 10:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/10 05:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/04/12 14:04:54 | 000,131,776 | ---- | M] (Intel ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.org/
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/"
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.imesh.com/webResults.html?src=ffb&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 13:09:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 14:03:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 14:03:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/11/10 16:45:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/11/10 16:47:29 | 000,000,000 | ---D | M]

[2008/09/03 21:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clark\Application Data\Mozilla\Extensions
[2010/03/18 19:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clark\Application Data\Mozilla\Firefox\Profiles\vhk72ol5.default\extensions
[2009/09/22 21:07:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Clark\Application Data\Mozilla\Firefox\Profiles\vhk72ol5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 17:23:40 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Clark\Application Data\Mozilla\Firefox\Profiles\vhk72ol5.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2009/07/11 18:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clark\Application Data\Mozilla\Firefox\Profiles\vhk72ol5.default\extensions\firegestures@xuldev.org
[2009/11/29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Documents and Settings\Clark\Application Data\Mozilla\Firefox\Profiles\vhk72ol5.default\searchplugins\iMeshWebSearch.xml
[2010/03/18 19:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2004/08/10 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKU\S-1-5-21-799604754-3875267839-853156046-1009\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-799604754-3875267839-853156046-1009\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-799604754-3875267839-853156046-1010\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-799604754-3875267839-853156046-1010\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\SSC Service Utility\ssc_serv.exe (SSC Localization Group)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [uediqgfw] C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1009..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1009..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1009..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe File not found
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1010..\Run: [dbfwgnam] C:\Documents and Settings\Linda\Local Settings\Application Data\wpaqhw\uygnsftav.exe File not found
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1010..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1010..\Run: [uediqgfw] C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe ()
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1010..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe (TLC Education Properties LLC)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-799604754-3875267839-853156046-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-799604754-3875267839-853156046-1009\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-799604754-3875267839-853156046-1010\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/42.20/uploader2.cab (UploadListView Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Clark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Clark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{b55f6a86-b821-11dd-a695-001731c6bafd}\Shell - "" = AutoRun
O33 - MountPoints2\{b55f6a86-b821-11dd-a695-001731c6bafd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b55f6a86-b821-11dd-a695-001731c6bafd}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{f2204e36-9dea-11dd-a661-001731c6bafd}\Shell - "" = AutoRun
O33 - MountPoints2\{f2204e36-9dea-11dd-a661-001731c6bafd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2204e36-9dea-11dd-a661-001731c6bafd}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 15:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 21:51:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clark\Desktop\OTL.exe
[2010/04/10 17:08:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 01:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\2
[2010/04/02 01:22:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/02 01:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/02 01:22:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/02 01:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/01 23:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clark\Local Settings\Application Data\Threat Expert
[2010/04/01 20:10:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 20:08:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/28 12:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\23BB
[2010/03/21 22:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\23369
[2010/03/10 09:28:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Clark\Application Data\pcouffin.sys
[2010/01/29 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/29 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/03 21:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/11/21 21:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/23 11:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/23 11:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/08/20 12:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/02/07 18:22:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/05/04 22:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/04 22:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 06:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2002/03/25 11:03:34 | 000,638,976 | ---- | C] (HMP - Hard- & Software GmbH) -- C:\Documents and Settings\Clark\NPSI2KVW.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/14 22:00:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/14 21:51:07 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/14 21:50:58 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Clark\Desktop\mbr.exe
[2010/04/14 21:50:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clark\Desktop\OTL.exe
[2010/04/14 21:46:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
[2010/04/14 20:49:32 | 000,044,001 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/14 20:49:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/14 20:03:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/14 18:05:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/14 18:04:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/14 18:04:45 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 00:55:36 | 000,021,819 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/12 00:55:19 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Clark\NTUSER.DAT
[2010/04/12 00:55:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Clark\ntuser.ini
[2010/04/11 11:44:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2010/04/10 18:25:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/04/10 13:34:15 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 21:06:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/01 01:01:45 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/31 22:02:26 | 003,234,224 | -H-- | M] () -- C:\Documents and Settings\Clark\Local Settings\Application Data\IconCache.db
[2010/03/30 23:03:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/21 22:45:51 | 000,052,732 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/19 16:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/16 21:01:38 | 000,000,000 | ---- | M] () -- C:\testwma.raw
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wetihifa
[2010/04/14 21:51:26 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Clark\Desktop\mbr.exe
[2010/04/02 01:22:44 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/10 19:38:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/10 09:28:39 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Clark\Application Data\pcouffin.log
[2010/03/10 09:28:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Clark\Application Data\pcouffin.cat
[2010/03/10 09:28:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Clark\Application Data\pcouffin.inf
[2010/01/22 22:07:21 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/01/22 22:07:21 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/01/22 22:07:21 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/01/22 22:07:21 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/01/22 22:07:21 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010/01/19 22:13:37 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Clark\Application Data\Smiley.ico
[2009/12/24 01:49:02 | 000,389,632 | ---- | C] () -- C:\Program Files\capture.exe
[2008/11/14 18:40:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/09/08 10:19:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2008/01/27 17:24:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/12/15 16:35:37 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Clark\Application Data\wklnhst.dat
[2007/09/05 20:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/23 12:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/23 12:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/23 12:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/05/12 20:01:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/05/12 19:24:27 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/05/12 19:02:47 | 000,000,594 | ---- | C] () -- C:\WINDOWS\Probe.ini
[2007/03/03 09:23:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\IpxViewr.INI
[2007/03/02 21:50:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2007/03/02 21:25:06 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2007/01/04 08:10:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2006/12/22 16:15:45 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/06 23:17:20 | 000,003,401 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/03 15:31:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/09/01 21:11:36 | 000,028,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys
[2006/08/30 21:20:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006/08/27 21:27:16 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSONC84.ini
[2006/08/27 21:04:15 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\Clark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/27 18:17:47 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Clark\Local Settings\Application Data\fusioncache.dat
[2006/08/27 18:17:45 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Clark\ntuser.ini
[2006/08/27 18:17:44 | 006,291,456 | -H-- | C] () -- C:\Documents and Settings\Clark\NTUSER.DAT
[2006/08/27 18:17:44 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Clark\ntuser.dat.LOG
[2006/08/27 15:17:41 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/08/27 15:17:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/05/04 23:48:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/04 23:27:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/04 23:23:33 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/04 23:23:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/04 23:20:47 | 000,000,217 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/05/04 23:19:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/04 23:09:54 | 000,000,561 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/04 23:08:38 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/04 23:03:24 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/04 23:02:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/04 22:59:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/04 22:59:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/04 22:59:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/04 22:59:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/04 22:59:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/04 22:59:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/04 22:59:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/04 22:57:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/04 22:37:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/04 22:37:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/04 22:37:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 13:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 03:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: ATAPI.SYS >
[2004/08/10 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: BEEP.SYS >
[2004/08/09 17:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/09 17:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/09 17:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 17:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 02:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 02:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 17:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PCI.SYS >
[2004/08/10 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:pci.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:pci.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:pci.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:pci.sys
[2004/08/09 17:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=8086D9979234B603AD5BC2F5D890B234 -- C:\WINDOWS\$NtServicePackUninstall$\pci.sys
[2008/04/14 00:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=A219903CCF74233761D92BEF471A07B1 -- C:\WINDOWS\ServicePackFiles\i386\pci.sys
[2008/04/14 00:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=A219903CCF74233761D92BEF471A07B1 -- C:\WINDOWS\system32\drivers\pci.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/09 17:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/09 17:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/09 17:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5263FFDE
@Alternate Data Stream - 1238 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lU6sC3YqsbXUDmOqNE3pIwgc4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1204 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kJ6f30OI79Lxh0pLniTL3ToIDWhps
@Alternate Data Stream - 1173 bytes -> C:\Program Files\Common Files\System:FB20rp9bVDTDqJf0i1IcbFZ7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B29279A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1037 bytes -> C:\Program Files\Outlook Express:xhzv6xUVUPLNZ1I3HBaPb1bv
< End of report >

OTL Extras logfile created on: 4/14/2010 9:55:24 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Clark\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 568.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 71.66 Gb Free Space | 31.89% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.53 Gb Free Space | 6.46% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 3.81 Gb Total Space | 3.15 Gb Free Space | 82.54% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ-1
Current User Name: Clark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30E77140-D6AC-11D4-8A94-005004A8FA01}" = Chem ASAP!
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{49AE768B-20DB-403D-AF92-53248BB0060D}" = Intel® Play™ QX3™ Computer Microscope
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}" = Intel® System Information Viewer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A1F1E81-A017-43EE-8A24-E88878164C91}" = SeaWorld Adventure Parks Tycoon 3D
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{D9D59C79-B080-4C94-B72A-1EB432ED192E}" = SIplugin
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E79C8169-FA78-4C0A-A8F6-23667F88B25E}" = Movie Magic Screenwriter 6 (5 Day Trial)
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}" = Huge Pine USB to UART Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BearShare" = BearShare
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DynDNSUpdater" = DynDNS Updater
"eDATA Unerase" = eDATA Unerase
"EPSON Printer and Utilities" = EPSON Printer Software
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.9
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"iMesh MediaBar" = MediaBar
"ImgBurn" = ImgBurn
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{D9D59C79-B080-4C94-B72A-1EB432ED192E}" = SIplugin
"InterActual Player" = InterActual Player
"IPIX Viewer" = IPIX Viewer
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MonkeyJam_is1" = MonkeyJam 3_050529
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Netscape Browser" = Netscape Browser (remove only)
"Norton PC Checkup" = Norton PC Checkup
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Picasa 3" = Picasa 3
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime32" = QuickTime for Windows (32-bit)
"RealPlayer 6.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7e
"Skype_is1" = Skype 3.1
"TightVNC_is1" = TightVNC 1.3.9
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"TreeSize Free_is1" = TreeSize Free V2.3.3
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"WT004602" = Tornado Jockey
"WT005532" = Polar Bowler
"WT005533" = Polar Golfer
"WT005534" = Ricochet Lost Worlds
"WT005537" = Super Granny
"WT005538" = Tradewinds
"WT005540" = Blackhawk Striker 2
"WT005541" = Blasterball 2 Revolution
"WT005542" = Blasterball 2 Remix
"WT005544" = Bounce Symphony
"WT005611" = Tennis Titans
"WT005612" = Family Feud
"WT005613" = Flip Words
"WT005614" = Insaniquarium Deluxe
"WT005615" = Jewel Quest
"WT005616" = Mah Jong Quest
"WT005617" = Mystery Case Files
"WT005618" = Poker Superstars
"WT005619" = SCRABBLE
"WT005620" = Slingo Deluxe
"WT005621" = Alien Outbreak 2
"WT005622" = Fairies
"WT005623" = Snowy The Bears Adventure
"WT005625" = Bejeweled 2 Deluxe
"WT005626" = Big Kahuna Reef
"WT005627" = Bookworm Deluxe
"WT005628" = Chuzzle Deluxe
"WT005629" = Diner Dash
"WT006068" = FATE
"WT006070" = Ancient Sudoku
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoo Tycoon 2" = Zoo Tycoon 2 Endangered Species

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2010 6:22:31 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2010 6:34:59 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2010 9:43:15 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 12:28:17 AM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 12:28:19 AM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 5:36:39 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 8:28:21 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 8:28:21 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 10:03:48 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2010 8:06:05 PM | Computer Name = COMPAQ-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/10/2010 5:35:40 PM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 4/10/2010 5:36:13 PM | Computer Name = COMPAQ-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 4/10/2010 5:36:14 PM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 4/10/2010 5:36:14 PM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 4/10/2010 5:36:44 PM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SharedAccess service.

Error - 4/11/2010 7:27:49 AM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7000
Description = The DynDNS Updater Service service failed to start due to the following
error: %%2

Error - 4/11/2010 7:27:52 AM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 4/14/2010 6:05:31 PM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7000
Description = The DynDNS Updater Service service failed to start due to the following
error: %%2

Error - 4/14/2010 6:05:33 PM | Computer Name = COMPAQ-1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 4/14/2010 6:06:19 PM | Computer Name = COMPAQ-1 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
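Three things in the logs above deserve a second look before any fix script is written: the Security Center "DisableMonitoring" kill switch set to 1 at the Monitoring root, firewall exceptions whose scope is "*" (any address, including 3389/TCP in both profiles), and alternate data streams with long random-looking names hanging off system directories. The following script, an added example that is not part of this thread or of OTL, parses those three record shapes out of the OTL output. The sample lines are copied from the logs above; the 16-character length threshold and the "random-looking" heuristic are assumptions of this example.

```python
"""Triage a few OTL / OTL Extras log sections: the Security Center kill switch,
Windows Firewall exceptions open to any address, and alternate data streams
with random-looking names. Added example, not part of this thread or of OTL."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the OTL and OTL Extras output above.
SAMPLE = r"""
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5263FFDE
@Alternate Data Stream - 1238 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lU6sC3YqsbXUDmOqNE3pIwgc4
@Alternate Data Stream - 1173 bytes -> C:\Program Files\Common Files\System:FB20rp9bVDTDqJf0i1IcbFZ7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "name" = value
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?):([^:\\]+)$")
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+)\\GloballyOpenPorts\\List$")


@dataclass
class Findings:
    security_center: list = field(default_factory=list)
    open_ports: list = field(default_factory=list)       # (profile, port, proto, scope)
    suspicious_ads: list = field(default_factory=list)   # (path, stream, size)


def looks_random(name: str, min_len: int = 16) -> bool:
    """Heuristic (assumption of this example): a long stream name mixing upper
    case, lower case and digits, with no extension, is unlike anything Windows
    writes. Short all-hex names such as TEMP:5263FFDE are deliberately left alone."""
    return (len(name) >= min_len and name.isalnum()
            and any(c.islower() for c in name) and any(c.isupper() for c in name)
            and any(c.isdigit() for c in name))


def triage(text: str) -> Findings:
    """Walk OTL output line by line, remembering the current registry key."""
    found = Findings()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADS_RE.match(line)
        if m:
            size, path, stream = int(m.group(1)), m.group(2), m.group(3)
            if looks_random(stream):
                found.suspicious_ads.append((path, stream, size))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        # Global kill switch for Security Center alerts. Per-vendor subkeys such
        # as Monitoring\McAfeeAntiVirus are set by the vendor's product and are
        # not flagged here.
        if (key.endswith(r"\Security Center\Monitoring")
                and name == "DisableMonitoring" and value == "1"):
            found.security_center.append(
                "Security Center monitoring disabled (DisableMonitoring=1)")
        pm = PROFILE_RE.search(key)
        if pm:
            # Value layout: port:proto:scope:Enabled:<resource string>
            parts = value.split(":")
            if len(parts) >= 4 and parts[3] == "Enabled" and parts[2] == "*":
                found.open_ports.append((pm.group(1), int(parts[0]), parts[1], parts[2]))
    return found


if __name__ == "__main__":
    result = triage(SAMPLE)
    for item in result.security_center:
        print("SECURITY CENTER:", item)
    for profile, port, proto, scope in result.open_ports:
        print(f"FIREWALL: {profile} allows {port}/{proto} from {scope} (any address)")
    for path, stream, size in result.suspicious_ads:
        print(f"ADS: {path}:{stream} ({size} bytes) has a random-looking stream name")
```

Run on the full OTL and OTL Extras logs, the script reports one Security Center finding, the three exceptions whose scope is "*" (139/TCP is "*" only in DomainProfile; StandardProfile limits it to LocalSubNet), and the two long mixed-case streams, while leaving the short TEMP:xxxxxxxx streams alone.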

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:20 PM

Posted 16 April 2010 - 07:13 AM

Hello,

Can you tell me how the computer is running?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (DynDNS_Updater_Service)
    O3 - HKU\S-1-5-21-799604754-3875267839-853156046-1010\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [uediqgfw] C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe ()
    O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1009..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe File not found
    O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1010..\Run: [dbfwgnam] C:\Documents and Settings\Linda\Local Settings\Application Data\wpaqhw\uygnsftav.exe File not found
    O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1010..\Run: [uediqgfw] C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe ()
    O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1010..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    [2010/03/28 12:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\23BB
    [2010/03/21 22:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\23369
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wetihifa
    :Reg
    [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


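An OTL fix script like the one above is a list of requests, and the log OTL writes afterwards is the only record of which requests actually took effect. Lines ending in "moved successfully" or "deleted successfully" are done, "not found" means the item was already gone, and "Unable to set value ... /E!" means a registry write was refused and needs a second look. The script below, an added example that is not part of this thread or of OTL, parses a fix script into its `:OTL`, `:Reg` and `:Commands` sections and sorts result-log lines into those three buckets, pulling the key and value name out of every refused write. Section names and result phrases are taken from the logs in this thread; the sample fix fragment and result lines are constructed for the example, and the classification rules are an assumption of this example rather than OTL's own.

```python
"""Reconcile an OTL fix script with OTL's fix-result log. Added example, not part
of this thread or of OTL; the classification rules are assumptions."""
import re
from collections import defaultdict

# Constructed sample: a fragment of the fix script posted above.
FIX_SCRIPT = r"""
:OTL
SRV - File not found [Auto | Stopped] -- -- (DynDNS_Updater_Service)
O4 - HKLM..\Run: [uediqgfw] C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe ()
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wetihifa
:Reg
[HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000000
:Commands
[emptytemp]
"""

# Constructed sample: lines in the format OTL writes after running a fix.
RESULT_LOG = r"""
========== OTL ==========
Service DynDNS_Updater_Service stopped successfully!
Service DynDNS_Updater_Service deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uediqgfw deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\WINDOWS\system32\wetihifa moved successfully.
========== REGISTRY ==========
Unable to set value : HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
"""

# Refused registry write: Unable to set value : <key>\\"<name>"|<data> /E!
FAILED_RE = re.compile(r'^Unable to set value : (.+?)\\\\"([^"]+)"\|(.+?) /E!$')


def parse_fix_script(script: str) -> dict:
    """Split a fix script into its sections; a line starting with ':' opens one."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(line: str):
    """Map one result-log line to done / absent / failed (None for banners)."""
    if line.startswith("=========="):
        return None
    if line.startswith("Unable to set value"):
        return "failed"
    if line.endswith("not found."):
        return "absent"
    if "successfully" in line:
        return "done"
    return "other"


def reconcile(result_log: str) -> dict:
    """Bucket every result-log line by the status classify() assigns it."""
    buckets = defaultdict(list)
    for raw in result_log.splitlines():
        line = raw.strip()
        if not line:
            continue
        status = classify(line)
        if status:
            buckets[status].append(line)
    return dict(buckets)


def failed_registry_writes(result_log: str) -> list:
    """Return (key, value name, data) for every refused registry write."""
    out = []
    for raw in result_log.splitlines():
        m = FAILED_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out


if __name__ == "__main__":
    for name, lines in parse_fix_script(FIX_SCRIPT).items():
        print(f"fix section :{name} has {len(lines)} line(s)")
    for status, lines in reconcile(RESULT_LOG).items():
        print(f"{status}: {len(lines)} line(s)")
    for key, value, data in failed_registry_writes(RESULT_LOG):
        print(f"FOLLOW UP: could not set {value}={data} under {key}")
```

The refused writes are the lines worth re-posting in a thread like this one: if `ProxyEnable` and `ProxyServer` could not be reset for a user hive, the proxy setting the fix was meant to clear is still in place for that account.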

#7 clarkmccall

clarkmccall
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 16 April 2010 - 10:38 PM

Hi Syler,
Here are 2 OTL logs. The first one I ran with the custom text you posted as you specified. The second one you said to run "without the bold text". I did not see any bold text, so it is just another OTL run with the custom text.

I have not hooked the problem up to the LAN cable since I started trying to remove the virus using your/bleeping computer instructions.

I tried hooking up the LAN cable and running internet explorer. It won't connect to the internet. I have tried turning off the Mcafee firewall and the Windows firewall but this doesn't change things.
I tried the LAN cable with another computer and it works fine.

Suggestions?


All processes killed
========== OTL ==========
Service DynDNS_Updater_Service stopped successfully!
Service DynDNS_Updater_Service deleted successfully!
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uediqgfw deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
C:\WINDOWS\Downloaded Program Files\SysInfo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Documents and Settings\All Users\Application Data\23BB folder moved successfully.
C:\Documents and Settings\All Users\Application Data\23369 folder moved successfully.
C:\WINDOWS\system32\wetihifa moved successfully.
========== REGISTRY ==========
Unable to set value : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
Unable to set value : HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Clark
->Temp folder emptied: 29598 bytes
->Temporary Internet Files folder emptied: 6653534 bytes
->Java cache emptied: 16884969 bytes
->FireFox cache emptied: 48193108 bytes
->Flash cache emptied: 2732736 bytes

User: Compaq_Administrator
->Temp folder emptied: 4534535 bytes
->Temporary Internet Files folder emptied: 1829912 bytes
->FireFox cache emptied: 67948471 bytes
->Flash cache emptied: 1598 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: John
->Temp folder emptied: 24756 bytes
->Temporary Internet Files folder emptied: 866302 bytes
->Java cache emptied: 9741259 bytes
->FireFox cache emptied: 3173885 bytes
->Flash cache emptied: 1717308 bytes

User: Kate
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1382085 bytes
->Java cache emptied: 1919101 bytes
->FireFox cache emptied: 4433275 bytes
->Flash cache emptied: 1211910 bytes

User: Linda
->Temp folder emptied: 76933 bytes
->Temporary Internet Files folder emptied: 7238817 bytes
->Java cache emptied: 4460363 bytes
->FireFox cache emptied: 43049931 bytes
->Flash cache emptied: 243300 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 393350 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4737041 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 347944 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 63704 bytes

Total Files Cleaned = 223.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Clark
->Flash cache emptied: 0 bytes

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Default User

User: Guest

User: John
->Flash cache emptied: 0 bytes

User: Kate
->Flash cache emptied: 0 bytes

User: Linda
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04162010_214515

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\TIVDDI8M\composer_well[1].gif not found!
File\Folder C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\RADGDFB7\q587828114_4441[1].jpg not found!
File\Folder C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\C9AVWHQB\84ccno2p1zc44848.pkg[1].js not found!
File\Folder C:\Documents and Settings\Linda\Local Settings\Temp\temp0.exe not found!
File\Folder C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\9NK041UT not found!
File\Folder C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\Q6GI6C15 not found!
File\Folder C:\WINDOWS\temp\mcmsc_2Pvxp3qSr6DwdDh not found!
File\Folder C:\WINDOWS\temp\mcmsc_9sdjsY67BHgFtuv not found!

Registry entries deleted on Reboot...




All processes killed
========== OTL ==========
Error: No service named DynDNS_Updater_Service was found to stop!
Service\Driver key DynDNS_Updater_Service not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uediqgfw not found.
File C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Linda\Local Settings\Application Data\maimpdhqs\jhapowhtssd.exe not found.
Registry key HKEY_USERS\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Folder C:\Documents and Settings\All Users\Application Data\23BB\ not found.
Folder C:\Documents and Settings\All Users\Application Data\23369\ not found.
File C:\WINDOWS\System32\wetihifa not found.
========== REGISTRY ==========
Unable to set value : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
Unable to set value : HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E!
Unable to set value : HKU\S-1-5-21-799604754-3875267839-853156046-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Clark
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Compaq_Administrator
->Temp folder emptied: 25453 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kate
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 224102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Linda
->Temp folder emptied: 51480 bytes
->Temporary Internet Files folder emptied: 123770 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Clark
->Flash cache emptied: 0 bytes

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Default User

User: Guest

User: John
->Flash cache emptied: 0 bytes

User: Kate
->Flash cache emptied: 0 bytes

User: Linda
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04162010_221641

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\TIVDDI8M\composer_well[1].gif not found!
File\Folder C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\RADGDFB7\q587828114_4441[1].jpg not found!
File\Folder C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\C9AVWHQB\84ccno2p1zc44848.pkg[1].js not found!
File\Folder C:\Documents and Settings\Linda\Local Settings\Temp\temp0.exe not found!
File\Folder C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\9NK041UT not found!
File\Folder C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\Q6GI6C15 not found!

Registry entries deleted on Reboot...


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:20 PM

Posted 17 April 2010 - 05:48 AM

When I said run it again without the bold text, I was referring to this. Please run it again as you did in the link, without the bold text, and post the new log.

Thanks



#9 clarkmccall

clarkmccall
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:20 AM

Posted 17 April 2010 - 05:43 PM

Syler,
Ok, here is an OTL without the bold text.

The computer now seems to be virus-free. Knock on wood. It doesn't get out to the internet with Internet Explorer, but Mozilla Firefox works. I shut off the McAfee firewall and the Windows firewall, but still only Firefox gets out. But I can keep working at that. The computer is now usable, so I am grateful for that!
Clark

OTL logfile created on: 4/17/2010 10:37:25 AM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 428.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 70.92 Gb Free Space | 31.56% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.53 Gb Free Space | 6.46% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 3.81 Gb Total Space | 3.15 Gb Free Space | 82.51% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ-1
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/14 21:50:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/12/17 13:33:46 | 000,184,752 | ---- | M] () -- C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/26 18:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/04/05 12:41:52 | 000,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
PRC - [2008/07/07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/23 15:04:22 | 000,065,536 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2008/06/23 15:04:20 | 000,086,016 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/10/09 13:55:58 | 000,665,600 | ---- | M] (SSC Localization Group) -- C:\Program Files\SSC Service Utility\SSC Service Utility\ssc_serv.exe
PRC - [2007/06/04 21:59:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/07 19:28:58 | 000,589,824 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2006/02/15 18:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palm\Hotsync.exe
PRC - [2002/08/30 13:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 21:50:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2002/08/14 12:08:40 | 000,118,784 | ---- | M] (Broderbund) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\KeyHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/07/07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/06/23 15:04:22 | 000,065,536 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/05/07 19:28:58 | 000,589,824 | ---- | M] (TightVNC Group) [Auto | Running] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/22 19:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/09 14:23:02 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/05 12:12:46 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/07/09 15:49:02 | 000,444,800 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/07/23 10:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 10:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 10:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/02 21:25:06 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2006/03/08 09:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/25 12:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/24 15:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/02 17:49:46 | 000,028,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2005/06/17 02:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 10:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/10 05:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/04/12 14:04:54 | 000,131,776 | ---- | M] (Intel ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-799604754-3875267839-853156046-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-799604754-3875267839-853156046-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 13:09:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 14:03:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 14:03:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/11/10 16:45:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/11/10 16:47:29 | 000,000,000 | ---D | M]

[2009/07/11 20:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2010/04/16 22:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\35pfou4u.default\extensions
[2010/04/16 22:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\35pfou4u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 17:24:00 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\35pfou4u.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2009/07/11 20:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\35pfou4u.default\extensions\firegestures@xuldev.org
[2010/04/16 22:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\35pfou4u.default\extensions\staged-xpis
[2010/03/18 19:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2004/08/10 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKU\S-1-5-21-799604754-3875267839-853156046-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\SSC Service Utility\ssc_serv.exe (SSC Localization Group)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
O4 - HKU\S-1-5-21-799604754-3875267839-853156046-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe (TLC Education Properties LLC)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-799604754-3875267839-853156046-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-799604754-3875267839-853156046-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-799604754-3875267839-853156046-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-799604754-3875267839-853156046-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/42.20/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/10 18:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DivX
[2010/04/10 18:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/10 17:08:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 13:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
[2010/04/10 13:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HpUpdate
[2010/04/02 01:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Threat Expert
[2010/04/02 01:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\2
[2010/04/02 01:22:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/02 01:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/02 01:22:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/02 01:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/02 01:21:35 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam-setup.exe
[2010/04/02 00:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer
[2010/04/01 20:10:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 20:08:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/31 22:35:53 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Compaq_Administrator\Desktop\RootkitRevealer.exe
[2010/03/31 21:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\imeshmediabartb
[2010/01/29 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/29 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/03 21:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/11/21 21:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/23 11:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/23 11:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/08/20 12:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/02/07 18:22:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/05/04 22:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/04 22:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 06:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/04/17 10:35:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 10:32:45 | 000,044,001 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/17 10:32:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/17 10:32:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 10:32:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/17 10:32:09 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/17 09:32:10 | 000,021,969 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/17 09:31:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/17 09:25:43 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/17 09:00:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/16 22:55:18 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT
[2010/04/16 22:54:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.ini
[2010/04/15 01:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/14 21:46:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
[2010/04/11 11:44:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2010/04/10 18:33:10 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 18:25:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/04/10 13:34:15 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/02 01:31:40 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam-setup.exe
[2010/04/02 01:17:50 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\renamedrkl.com
[2010/04/02 00:32:32 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.zip
[2010/04/01 23:30:50 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2010/04/01 21:06:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/01 12:04:12 | 003,906,159 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2010/04/01 01:01:45 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/30 23:03:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/21 22:45:51 | 000,052,732 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/19 16:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2010/04/10 18:25:34 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/02 01:22:44 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/02 01:19:40 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\renamedrkl.com
[2010/04/02 00:32:17 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.zip
[2010/04/01 23:30:19 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2010/04/01 20:07:51 | 003,906,159 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2010/03/10 19:38:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/01/22 22:07:21 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/01/22 22:07:21 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/01/22 22:07:21 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/01/22 22:07:21 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/01/22 22:07:21 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2009/12/24 01:49:02 | 000,389,632 | ---- | C] () -- C:\Program Files\capture.exe
[2008/11/14 18:40:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/09/08 10:19:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2008/01/27 17:24:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/09/05 20:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/23 12:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/23 12:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/23 12:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/05/12 20:01:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/05/12 19:24:27 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/05/12 19:02:47 | 000,000,594 | ---- | C] () -- C:\WINDOWS\Probe.ini
[2007/03/03 09:23:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\IpxViewr.INI
[2007/03/02 21:50:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2007/03/02 21:25:06 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2007/01/04 08:10:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2006/12/22 16:15:45 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/06 23:17:20 | 000,003,401 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/03 15:31:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/09/01 21:11:36 | 000,028,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys
[2006/08/30 21:20:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006/08/27 21:27:16 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSONC84.ini
[2006/08/27 15:18:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/27 15:18:04 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT
[2006/08/27 15:18:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG
[2006/08/27 15:18:04 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\ntuser.ini
[2006/08/27 15:17:41 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/08/27 15:17:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/05/04 23:48:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/04 23:27:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/04 23:23:33 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/04 23:23:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/04 23:20:47 | 000,000,217 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/05/04 23:19:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/04 23:09:54 | 000,000,561 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/04 23:08:38 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/04 23:03:24 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/04 23:02:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/04 22:59:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/04 22:59:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/04 22:59:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/04 22:59:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/04 22:59:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/04 22:59:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/04 22:59:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/04 22:57:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/04 22:37:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/04 22:37:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/04 22:37:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 13:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 03:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5263FFDE
@Alternate Data Stream - 1238 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lU6sC3YqsbXUDmOqNE3pIwgc4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1204 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kJ6f30OI79Lxh0pLniTL3ToIDWhps
@Alternate Data Stream - 1173 bytes -> C:\Program Files\Common Files\System:FB20rp9bVDTDqJf0i1IcbFZ7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B29279A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1037 bytes -> C:\Program Files\Outlook Express:xhzv6xUVUPLNZ1I3HBaPb1bv
< End of report >


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:20 PM

Posted 18 April 2010 - 05:09 AM

Hi Clark,

You appear to have a proxy setting enabled which may be stopping IE from accessing the net. Please do the following to make sure the proxy setting is off.


Go to Start >> Control panel >> Internet options.
Select the Connections tab and click on LAN Settings.
Delete the settings in the Address and Port boxes under "Use a proxy server for your LAN"
Then Uncheck "Use a proxy server for your LAN" and click OK.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5263FFDE
    @Alternate Data Stream - 1238 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lU6sC3YqsbXUDmOqNE3pIwgc4
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 1204 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kJ6f30OI79Lxh0pLniTL3ToIDWhps
    @Alternate Data Stream - 1173 bytes -> C:\Program Files\Common Files\System:FB20rp9bVDTDqJf0i1IcbFZ7
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B29279A
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 1037 bytes -> C:\Program Files\Outlook Express:xhzv6xUVUPLNZ1I3HBaPb1bv
    :Reg
    [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKU\S-1-5-21-799604754-3875267839-853156046-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKU\S-1-5-21-799604754-3875267839-853156046-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    :Commands
    [Resethosts]
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push

Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • ESET report

Thanks


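The reply above works by pasting the flagged OTL report lines verbatim under `:OTL` and resetting the IE proxy for every HKU hive under `:Reg`. The Python helper below is an added example, not part of the thread or of OTL itself: it performs that triage over report lines copied from the log posted earlier in the thread (the alternate data streams, a BHO whose DLL is missing, and Run entries with no company name) and assembles a fix script in the same layout the helper used. The regular expressions are reverse-engineered from the quoted lines and are an assumption about OTL's output format.

```python
"""Triage OTL report lines and assemble an OTL fix script.

Added example for this thread; not OTL's code or the helper's own tooling.
Assumption: the regexes below are inferred from the report lines quoted in
the thread, so OTL variants not shown there may not be recognised.
"""
import re
from dataclasses import dataclass

# Report lines copied from the OTL log posted in the thread (not constructed).
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-799604754-3875267839-853156046-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5263FFDE
@Alternate Data Stream - 1238 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lU6sC3YqsbXUDmOqNE3pIwgc4
@Alternate Data Stream - 1037 bytes -> C:\Program Files\Outlook Express:xhzv6xUVUPLNZ1I3HBaPb1bv
"""

ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - \{[0-9A-Fa-f-]+\} - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\S*?)\.\.\\Run: \[([^\]]+)\] (.+?) \((.*)\)$")
SID_RE = re.compile(r"HKU\\(\.DEFAULT|S-1-5-[\d-]+)\\")

# Stream names Windows itself writes routinely; any other stream is flagged.
BENIGN_STREAMS = {"Zone.Identifier", "encryptable"}


@dataclass(frozen=True)
class Finding:
    line: str    # report line, verbatim: this is what OTL expects under :OTL
    action: str  # "fix" (goes into the script) or "review" (look before removing)
    reason: str


def parse_ads(line: str):
    """Return (size, path, stream) for an @Alternate Data Stream line, else None."""
    m = ADS_RE.match(line)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None


def looks_random(name: str) -> bool:
    """Heuristic: an alphanumeric token mixing letters and digits, like the streams above."""
    return (len(name) >= 8 and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(report: str) -> list[Finding]:
    """Walk the report once and classify the entries a helper would act on."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if ads := parse_ads(line):
            size, path, stream = ads
            if stream not in BENIGN_STREAMS:
                note = ", random-looking name" if looks_random(stream) else ""
                findings.append(Finding(line, "fix", f"{size}-byte ADS {stream!r} on {path}{note}"))
        elif m := BHO_RE.match(line):
            name, tail = m.groups()
            if tail.endswith("File not found"):   # orphaned registration, DLL is gone
                findings.append(Finding(line, "fix", f"BHO {name!r} points at a missing DLL"))
            elif tail.endswith("()"):             # loaded DLL carries no company name
                findings.append(Finding(line, "review", f"BHO {name!r} has no company name"))
        elif m := RUN_RE.match(line):
            hive, value, path, company = m.groups()
            if not company:
                findings.append(Finding(line, "review",
                                        f"{hive} Run value {value!r} -> {path} has no company name"))
    return findings


def find_sids(report: str) -> list[str]:
    """Every HKU hive the report mentions; each one gets its proxy reset."""
    return sorted(set(SID_RE.findall(report)))


def build_otl_fix(report: str) -> str:
    """Assemble a fix script in the :OTL / :Reg / :Commands layout used in the thread."""
    script = [":OTL"] + [f.line for f in triage(report) if f.action == "fix"]
    script.append(":Reg")
    for sid in find_sids(report):
        key = f"[HKU\\{sid}\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings]"
        script += [key, '"ProxyEnable"=dword:00000000', key, '"ProxyServer"=""']
    script += [":Commands", "[Resethosts]", "[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]"]
    return "\n".join(script)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.action:6} {f.reason}")
    print(build_otl_fix(SAMPLE_LOG))
```

Entries marked "review" (such as the DataMngr Run value) are deliberately left out of the generated script; a helper decides about those by hand rather than letting a heuristic remove them.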

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:20 PM

Posted 23 April 2010 - 03:58 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





