
Browser redirect, GMER freezes


  • This topic is locked
19 replies to this topic

#1 thisaintgood

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:49 PM

Posted 14 May 2010 - 05:38 PM

About a week or so ago my browser (IE8) started redirecting me to random websites. I also got the Total Protection 2010 popups. I tried to use Malwarebytes Antimalware to remove Total Protection but I still get redirected. After about ten minutes GMER stops responding (states "not responding" even if I wait an hour); I haven't tried it in safe mode. I just also received a BSOD stating PFN_LIST_CORRUPT (hopefully not a drive failure coming up).
Any help is appreciated.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric J at 12:37:04.51 on Fri 05/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.491 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ERICJ~1\LOCALS~1\Temp\clclean.0001
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric J\Local Settings\Temporary Internet Files\Content.IE5\D40B3ROI\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100427061937.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm .exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC .exe" /tray
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "e:\malwa\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\ericj~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\ericj~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199067418181
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199073824609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-18 385536]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-3-18 82952]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-10-28 583128]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
R2 k;k;c:\windows\system32\o.sys [2010-4-30 4736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-28 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-18 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-18 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-18 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-18 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-18 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-18 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-18 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-3-18 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\bkusbxp.sys [2007-12-30 101099]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-7-16 13224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-3-18 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-18 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-18 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-18 40552]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2009-7-16 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2009-7-16 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2009-7-16 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2009-7-16 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2009-7-16 98568]
S4 fptbt;fptbt;c:\windows\system32\drivers\mfncknp.sys [2010-5-3 54016]
S4 mgptk;mgptk;c:\windows\system32\drivers\esuhu.sys [2010-5-3 54016]
S4 pxps;pxps;c:\windows\system32\drivers\hbxpqf.sys [2010-5-3 54016]

=============== Created Last 30 ================

2010-05-14 03:20:11 20 ----a-w- c:\documents and settings\eric j\defogger_reenable
2010-05-12 10:29:31 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-06 11:16:18 0 ----a-w- c:\windows\system32\24464.exe
2010-05-06 10:56:18 0 ----a-w- c:\windows\system32\26962.exe
2010-05-06 10:39:39 36 ----a-w- c:\program files\skynet.dat
2010-05-06 10:36:18 0 ----a-w- c:\windows\system32\29358.exe
2010-05-06 10:34:05 0 d-----w- c:\program files\scdata
2010-05-06 10:29:35 1580 ----a-w- C:\AKM Antivirus 2010 Pro.lnk
2010-05-06 10:16:18 0 ----a-w- c:\windows\system32\11478.exe
2010-05-06 09:56:18 0 ----a-w- c:\windows\system32\15724.exe
2010-05-06 09:36:18 0 ----a-w- c:\windows\system32\19169.exe
2010-05-06 09:16:18 0 ----a-w- c:\windows\system32\26500.exe
2010-05-06 08:56:18 0 ----a-w- c:\windows\system32\6334.exe
2010-05-06 08:36:18 0 ----a-w- c:\windows\system32\18467.exe
2010-05-06 02:16:20 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-06 02:04:09 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-06 02:03:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-05-06 02:03:00 0 d-----w- c:\program files\Hitman Pro 3.5
2010-05-05 17:53:48 0 d-----w- c:\docume~1\ericj~1\applic~1\Smart PC Solutions
2010-05-05 17:20:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 04:33:51 54016 ----a-w- c:\windows\system32\drivers\mfncknp.sys
2010-05-04 04:31:55 54016 ----a-w- c:\windows\system32\drivers\hbxpqf.sys
2010-05-04 02:54:06 54016 ----a-w- c:\windows\system32\drivers\esuhu.sys
2010-05-03 22:01:28 147 ----a-w- c:\windows\system32\PRAGMAsrcr.dat
2010-05-01 19:49:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 11:20:54 603 ----a-w- C:\Digital Protection.lnk
2010-05-01 11:20:54 1515 ----a-w- C:\Digital Protection Support.lnk
2010-05-01 11:20:54 0 d-----w- C:\Digital Protection
2010-04-30 23:56:48 112 ----a-w- c:\docume~1\alluse~1\applic~1\hy666r.dat
2010-04-30 23:56:44 4736 ----a-w- c:\windows\system32\o.sys
2010-04-30 20:53:48 0 dc-h--w- c:\windows\ie8
2010-04-30 20:22:38 0 d-----w- c:\docume~1\ericj~1\applic~1\ElevatedDiagnostics
2010-04-30 18:42:05 0 d-----w- c:\docume~1\ericj~1\applic~1\Malwarebytes
2010-04-30 18:41:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 18:41:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 18:41:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2010-04-14 19:29:58 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-14 19:29:58 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-14 19:29:58 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-14 19:29:58 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-14 19:29:58 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-14 19:29:58 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-14 19:29:58 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-14 19:29:58 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-14 19:29:58 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-14 19:29:58 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-09-09 19:07:57 1070 -c--a-w- c:\program files\Quicken.QIF
2001-08-22 20:15:48 245760 ----a-w- c:\windows\inf\i386\viceo.dll
2001-08-22 20:13:38 32768 ----a-w- c:\windows\inf\i386\Pmicro.dll
2001-08-22 20:13:30 61440 ----a-w- c:\windows\inf\i386\gl.dll
2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys
2009-06-11 21:58:14 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-05-24 00:48:24 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052320080524\index.dat
2009-12-28 10:26:35 32768 -csha-w- c:\windows\temp\cookies\index.dat
2009-12-28 10:26:35 32768 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2009-12-28 10:26:35 49152 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:40:26.96 ===============
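As an editor's added example (not code from DDS, OTL, or anyone in this thread), the script below reads the SERVICES / DRIVERS section of a DDS log like the one above and scores each .sys entry on properties that are visible in the log itself: a modification date within the scan window, a display name that is nothing more than the service name, a service name that does not match the file name, an image that sits outside the drivers directory, and a size and date shared with other drivers. The sample lines are copied from the log above and the scan date comes from its header (05/14/2010); the weights and the threshold are my own assumptions, and an entry the script flags is a candidate for the helper's review, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import date

# Shape of a DDS "SERVICES / DRIVERS" line, as in the log above:
#   <state> <service>;<display name>;<image path> [<yyyy-m-d> <size>]
DDS_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<service>[^;]+);(?P<display>[^;]*);(?P<image>.*) "
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# Scan date taken from the DDS header above ("Fri 05/14/2010").
SCAN_DATE = date(2010, 5, 14)

# Lines copied from the SERVICES / DRIVERS section of the log above.
SAMPLE_DDS_LINES = [
    r"R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-18 385536]",
    r"R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-3-18 82952]",
    r"R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-10-28 583128]",
    r"R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]",
    r"R2 k;k;c:\windows\system32\o.sys [2010-4-30 4736]",
    r'R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-18 271480]',
    r"R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-3-18 88480]",
    r"S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-7-16 13224]",
    r"S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-3-18 88480]",
    r"S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-18 83496]",
    r"S4 fptbt;fptbt;c:\windows\system32\drivers\mfncknp.sys [2010-5-3 54016]",
    r"S4 mgptk;mgptk;c:\windows\system32\drivers\esuhu.sys [2010-5-3 54016]",
    r"S4 pxps;pxps;c:\windows\system32\drivers\hbxpqf.sys [2010-5-3 54016]",
]


@dataclass
class Entry:
    state: str
    service: str
    display: str
    path: str
    modified: date
    size: int


def parse_dds_line(line):
    """Parse one SERVICES / DRIVERS line; returns None for lines of another shape."""
    m = DDS_RE.match(line.strip())
    if not m:
        return None
    image = m["image"]
    # A quoted image carries arguments after the closing quote; keep only the file path.
    path = image.split('"')[1] if image.startswith('"') else image
    y, mo, d = (int(x) for x in m["date"].split("-"))
    return Entry(m["state"], m["service"], m["display"], path, date(y, mo, d), int(m["size"]))


def file_stem(path):
    """Lower-case file name without directory or extension (Windows paths)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def score_entry(e, scan_date, peers, recent_days=30):
    """Return (score, reasons) for one driver; weights are assumptions, not a standard."""
    checks = []
    if (scan_date - e.modified).days <= recent_days:
        checks.append((1, "modified within %d days of the scan" % recent_days))
    if e.display.lower() == e.service.lower():
        checks.append((1, "display name is just the service name"))
    if file_stem(e.path) != e.service.lower():
        checks.append((1, "service name does not match file name"))
    if "\\drivers\\" not in e.path.lower():
        checks.append((1, "driver image outside the drivers directory"))
    # Several distinct files with identical size and date is worth a look on its own.
    twins = [p for p in peers
             if p.path.lower() != e.path.lower() and p.size == e.size and p.modified == e.modified]
    if twins:
        checks.append((1, "same size and date as %d other driver file(s)" % len(twins)))
    return sum(w for w, _ in checks), [r for _, r in checks]


def triage_drivers(lines, scan_date, threshold=3):
    """Map service name -> (score, reasons) for every .sys entry at or above the threshold."""
    entries = [e for e in map(parse_dds_line, lines) if e and e.path.lower().endswith(".sys")]
    flagged = {}
    for e in entries:
        score, reasons = score_entry(e, scan_date, entries)
        if score >= threshold:
            flagged[e.service] = (score, reasons)
    return flagged


if __name__ == "__main__":
    for service, (score, reasons) in triage_drivers(SAMPLE_DDS_LINES, SCAN_DATE).items():
        print("%s (score %d): %s" % (service, score, "; ".join(reasons)))
```

Run against the sample lines, the four entries that stand out in the log above (the `k` service backed by `o.sys`, and the three S4 drivers created on the same day with the same size) score 4 each, while the McAfee, Protect Software and Sony Ericsson entries stay below the threshold; the `mfendiskmp` alias of `mfendisk.sys` scores 2 because the twin check ignores entries that point at the same file.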



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:03:49 AM

Posted 15 May 2010 - 10:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 thisaintgood
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:49 PM

Posted 15 May 2010 - 09:59 PM

Thank you for helping me.
Here are the scans...


OTL logfile created on: 5/15/2010 7:11:50 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Eric J\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 2.06 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 339.26 Gb Free Space | 72.84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICCJ
Current User Name: Eric J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/15 19:08:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric J\Desktop\OTL.exe
PRC - [2010/05/15 07:29:03 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Eric J\Local Settings\Temp\clclean.0001
PRC - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/30 22:31:41 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm .exe
PRC - [2005/03/22 03:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2010/05/15 19:08:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric J\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- e:\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/12/30 22:31:41 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/03 21:33:51 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mfncknp.sys -- (fptbt)
DRV - [2010/05/03 21:31:55 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hbxpqf.sys -- (pxps)
DRV - [2010/05/03 19:54:06 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\esuhu.sys -- (mgptk)
DRV - [2010/04/30 16:56:44 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\o.sys -- (k)
DRV - [2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/02 01:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/07/16 12:35:29 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/07/16 12:35:29 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/08/05 13:50:23 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/28 08:35:14 | 000,583,128 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007/10/26 06:53:46 | 000,250,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/09/29 04:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 15:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 15:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 15:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2005/06/06 01:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/25 02:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/24 19:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/10 03:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 03:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/12/13 09:44:04 | 000,014,848 | ---- | M] (NVIDIA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nvndis.sys -- (NvNdis)
DRV - [2004/10/11 11:28:18 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/09 11:29:18 | 000,101,099 | ---- | M] (Belkin Components ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bkusbxp.sys -- (Belkin Belkin 11Mbps Wireless USB Network Adapter®) Belkin Belkin 11Mbps Wireless USB Network Adapter®
DRV - [2000/10/15 18:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-1214440339-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/21 06:34:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100427061937.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] E:\malwa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC .exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-1214440339-261903793-725345543-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm .exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214440339-261903793-725345543-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Eric J\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Eric J\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/ac...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1199067418181 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1199073824609 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/ac...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Eric J\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric J\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/30 18:46:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {519F8772-9BD6-A36B-B658-F0C8FC811A02} - Browser Customizations
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {83C320CB-1DAD-F1AE-EE23-2CBE4E47DED1} - Microsoft Windows Media Player 6.4
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F8256BB2-74CF-9665-FB09-0D49BBE7C38C} - Internet Explorer
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/30 18:45:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 19:08:47 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric J\Desktop\OTL.exe
[2010/05/15 12:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\My Documents\New Folder
[2010/05/15 12:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/05/13 21:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\Desktop\gmer
[2010/05/08 07:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/05/07 10:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/06 14:06:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/06 14:06:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/06 14:06:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/06 03:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/05/05 19:16:20 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/05 19:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/05 19:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/05 18:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\Desktop\reg
[2010/05/05 10:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\Application Data\Smart PC Solutions
[2010/05/05 10:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/05 10:20:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/03 15:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\Desktop\Log
[2010/05/01 12:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/05/01 04:20:54 | 000,000,000 | ---D | C] -- C:\Digital Protection
[2010/05/01 04:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/01 01:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/30 13:53:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/30 13:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\Application Data\ElevatedDiagnostics
[2010/04/30 13:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/04/30 11:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\Application Data\Malwarebytes
[2010/04/30 11:41:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/30 11:41:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/30 11:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/30 11:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/30 11:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/28 16:27:50 | 000,225,280 | ---- | C] (Brownstone Research Group) -- C:\WINDOWS\System32\Brgalg.dll
[2010/04/28 16:27:49 | 000,702,432 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System\HEKRNL16.DLL
[2010/04/28 16:27:49 | 000,492,016 | ---- | C] (Brownstone Research Group) -- C:\WINDOWS\System\BRGDLG2.DLL
[2010/04/28 16:27:49 | 000,398,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VBRUN300.DLL
[2010/04/28 16:27:49 | 000,221,920 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IMGMAN2.DLL
[2010/04/28 16:27:49 | 000,128,848 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVIEW2.VBX
[2010/04/28 16:27:49 | 000,101,344 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System\HEICON16.DLL
[2010/04/28 16:27:49 | 000,098,896 | ---- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System\MHGLBX.VBX
[2010/04/28 16:27:49 | 000,094,752 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVBX.VBX
[2010/04/28 16:27:49 | 000,085,428 | ---- | C] (Simplex Software) -- C:\WINDOWS\System\VBCTL3D.VBX
[2010/04/28 16:27:49 | 000,081,232 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System\HERTF16.DLL
[2010/04/28 16:27:49 | 000,075,536 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System\HEVB.VBX
[2010/04/28 16:27:49 | 000,073,232 | ---- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System\MHRUN600.DLL
[2010/04/28 16:27:49 | 000,071,488 | ---- | C] (heilerSoftware GmbH) -- C:\WINDOWS\System\FMTIO16.DLL
[2010/04/28 16:27:49 | 000,071,376 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System\HEMENU16.DLL
[2010/04/28 16:27:49 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\THREED.VBX
[2010/04/28 16:27:49 | 000,061,236 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System\FLABEL1.VBX
[2010/04/28 16:27:49 | 000,055,568 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System\HEDLG16.DLL
[2010/04/28 16:27:49 | 000,046,384 | ---- | C] (VisualTools, Inc.) -- C:\WINDOWS\System\VTSPELL.VBX
[2010/04/28 16:27:49 | 000,045,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\GRID.VBX
[2010/04/28 16:27:49 | 000,043,104 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM11TIF.DIL
[2010/04/28 16:27:49 | 000,037,104 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System\BMPLST2.VBX
[2010/04/28 16:27:49 | 000,033,984 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System\HETOOL16.DLL
[2010/04/28 16:27:49 | 000,029,072 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM11XJPG.DEL
[2010/04/28 16:27:49 | 000,022,528 | ---- | C] (Outrider Systems, Inc.) -- C:\WINDOWS\System\SPIN.VBX
[2010/04/28 16:27:49 | 000,022,304 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM2PCX.DIL
[2010/04/28 16:27:49 | 000,020,454 | ---- | C] (Brownstone Research Group) -- C:\WINDOWS\System\BRGSET.DLL
[2010/04/28 16:27:49 | 000,017,648 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM11PCX.DIL
[2010/04/28 16:27:49 | 000,017,408 | ---- | C] (SimPlex) -- C:\WINDOWS\System\SUBEZ.VBX
[2010/04/28 16:27:49 | 000,017,024 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System\MENUEV3.VBX
[2010/04/28 16:27:49 | 000,015,840 | ---- | C] (Thuridion Software Engineering, Inc.) -- C:\WINDOWS\System\PICCLIP.VBX
[2010/04/28 16:27:49 | 000,013,488 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM11WMF.DIL
[2010/04/28 16:27:49 | 000,012,800 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM11GIF.DIL
[2010/04/28 16:27:49 | 000,010,720 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM2BMP.DIL
[2010/04/28 16:27:49 | 000,010,448 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM2TGA.DIL
[2010/04/28 16:27:49 | 000,010,080 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM11TGA.DIL
[2010/04/28 16:27:49 | 000,009,152 | ---- | C] (Data Techniques, Inc) -- C:\WINDOWS\System\IM11BMP.DIL
[2010/04/25 16:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric J\Desktop\statue
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/15 19:08:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric J\Desktop\OTL.exe
[2010/05/15 19:07:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 19:05:59 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Eric J\ntuser.dat
[2010/05/15 18:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/15 17:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/15 16:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/15 15:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/15 14:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/15 13:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/15 12:43:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{793AAD76-8D15-4B7B-A33E-C86070D96789}.job
[2010/05/15 12:39:12 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/05/15 12:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/15 11:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/15 10:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/15 09:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/15 08:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/15 07:37:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/15 07:28:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/15 07:28:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/15 07:28:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 21:46:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Eric J\ntuser.ini
[2010/05/14 21:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/14 20:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/14 19:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/14 06:19:03 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/13 20:20:29 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Eric J\defogger_reenable
[2010/05/13 10:14:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/12 05:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/12 04:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/12 03:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/12 03:29:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/12 03:29:31 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/12 02:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/12 01:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/12 00:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/11 23:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/11 22:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/11 06:37:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/06 16:21:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/06 15:57:41 | 000,000,865 | ---- | M] () -- C:\WINDOWS\DIPLOMA.INI
[2010/05/06 15:56:18 | 000,000,085 | ---- | M] () -- C:\WINDOWS\BRGVARS.INI
[2010/05/06 14:05:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/06 14:05:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/06 14:05:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/06 14:05:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/06 14:05:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/06 09:40:44 | 000,001,580 | ---- | M] () -- C:\AKM Antivirus 2010 Pro.lnk
[2010/05/06 04:16:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/05/06 03:56:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/05/06 03:49:46 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/05/06 03:36:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/05/06 03:16:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/05/06 02:56:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/05/06 02:36:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/05/06 02:16:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/05/06 01:56:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/05/06 01:36:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/05/05 19:03:59 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/05 10:53:43 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Eric J\Desktop\Click To Find and Fix PC Errors.lnk
[2010/05/05 10:53:42 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Eric J\Desktop\Clean My Registry.lnk
[2010/05/03 21:33:51 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mfncknp.sys
[2010/05/03 21:31:55 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hbxpqf.sys
[2010/05/03 21:22:48 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hy666r.dat
[2010/05/03 19:54:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\esuhu.sys
[2010/05/03 15:01:28 | 000,000,147 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAsrcr.dat
[2010/05/01 04:20:54 | 000,001,515 | ---- | M] () -- C:\Digital Protection Support.lnk
[2010/05/01 04:20:54 | 000,000,603 | ---- | M] () -- C:\Digital Protection.lnk
[2010/04/30 16:56:44 | 000,004,736 | ---- | M] () -- C:\WINDOWS\System32\o.sys
[2010/04/30 14:22:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/30 11:41:41 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 11:14:16 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/30 10:35:37 | 000,071,104 | ---- | M] () -- C:\Documents and Settings\Eric J\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/15 12:39:12 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/05/13 20:20:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Eric J\defogger_reenable
[2010/05/12 03:29:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 04:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/05/06 03:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/05/06 03:39:39 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/05/06 03:36:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/05/06 03:29:35 | 000,001,580 | ---- | C] () -- C:\AKM Antivirus 2010 Pro.lnk
[2010/05/06 03:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/05/06 02:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/05/06 02:36:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/05/06 02:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/05/06 01:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/05/06 01:36:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/05/05 19:04:09 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/05 19:03:01 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/05 10:53:42 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Eric J\Desktop\Click To Find and Fix PC Errors.lnk
[2010/05/05 10:53:42 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Eric J\Desktop\Clean My Registry.lnk
[2010/05/03 21:33:51 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfncknp.sys
[2010/05/03 21:31:55 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hbxpqf.sys
[2010/05/03 19:54:06 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\esuhu.sys
[2010/05/03 15:01:28 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAsrcr.dat
[2010/05/01 12:49:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 04:20:54 | 000,001,515 | ---- | C] () -- C:\Digital Protection Support.lnk
[2010/05/01 04:20:54 | 000,000,603 | ---- | C] () -- C:\Digital Protection.lnk
[2010/04/30 16:56:48 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hy666r.dat
[2010/04/30 16:56:44 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\o.sys
[2010/04/30 16:45:59 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/30 16:45:59 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/30 16:45:59 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/30 16:45:59 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/30 16:45:59 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/30 16:45:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/30 16:45:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/30 16:45:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/30 16:45:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/30 16:45:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/30 16:45:56 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/30 16:45:56 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/30 16:45:56 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/30 16:45:56 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/30 16:45:55 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/30 16:45:55 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/30 16:45:55 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/30 16:45:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/30 16:45:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/30 16:45:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/30 16:45:54 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/30 16:45:53 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/30 16:45:53 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/30 16:45:53 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/30 11:41:41 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 16:27:58 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
[2010/04/28 16:27:57 | 000,000,085 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
[2010/04/28 16:27:54 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System\Setupkit.dll
[2010/04/28 16:27:53 | 000,040,384 | ---- | C] () -- C:\WINDOWS\System\Im2tiff.dil
[2010/04/28 16:27:53 | 000,010,624 | ---- | C] () -- C:\WINDOWS\System\Im2gif.dil
[2010/04/28 16:27:51 | 000,021,758 | ---- | C] () -- C:\WINDOWS\System\Brgenve.dll
[2010/04/28 16:27:51 | 000,021,758 | ---- | C] () -- C:\WINDOWS\System\Brgenvd.dll
[2010/04/28 16:27:51 | 000,021,758 | ---- | C] () -- C:\WINDOWS\System\Brgenvc.dll
[2010/04/28 16:27:51 | 000,021,758 | ---- | C] () -- C:\WINDOWS\System\Brgenvb.dll
[2010/04/28 16:27:51 | 000,021,758 | ---- | C] () -- C:\WINDOWS\System\Brgenva.dll
[2010/04/28 16:27:50 | 000,264,348 | ---- | C] () -- C:\WINDOWS\System\American.vtd
[2010/04/28 16:27:49 | 000,468,832 | ---- | C] () -- C:\WINDOWS\System\HTKRNL16.DLL
[2010/04/28 16:27:49 | 000,277,456 | ---- | C] () -- C:\WINDOWS\System\IMVB5.VBX
[2010/04/28 16:27:49 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System\CMDIALOG.VBX
[2009/07/13 12:30:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\gl.dll
[2009/07/13 12:30:15 | 000,006,138 | ---- | C] () -- C:\WINDOWS\System32\e1.ini
[2008/01/01 17:58:28 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/12/30 22:35:55 | 000,005,872 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2007/12/30 22:28:53 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2007/12/30 22:28:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/12/30 20:59:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/30 19:13:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\install.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/21 10:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 11:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 11:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 11:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2005/11/17 10:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 20:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/19 12:54:00 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2004/02/01 12:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 13:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/23 11:47:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/23 11:47:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/23 11:47:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/23 11:47:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 08:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/07/19 21:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) MD5=52B64661469FA11E51C006099B251FA7 -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/07/19 21:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) MD5=52B64661469FA11E51C006099B251FA7 -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2005/07/19 21:59:28 | 000,076,544 | ---- | M] (NVIDIA Corporation) MD5=9CA8859CA78EEB39ED3346A7BC89057B -- C:\WINDOWS\dell\nvraid\nvraid.sys
[2005/07/19 21:59:28 | 000,076,544 | ---- | M] (NVIDIA Corporation) MD5=9CA8859CA78EEB39ED3346A7BC89057B -- C:\WINDOWS\system32\drivers\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/12/30 10:33:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/12/30 10:33:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/12/30 10:33:18 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\cfwids.sys
[2010/05/03 19:54:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\esuhu.sys
[2010/05/03 21:31:55 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\hbxpqf.sys
[2010/05/14 06:19:03 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys
[2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/04/14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeclnk.sys
[2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfefirek.sys
[2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfendisk.sys
[2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdet.sys
[2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys
[2010/05/03 21:33:51 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\mfncknp.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >



OTL Extras logfile created on: 5/15/2010 7:11:50 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Eric J\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 2.06 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 339.26 Gb Free Space | 72.84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICCJ
Current User Name: Eric J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"56560:TCP" = 56560:TCP:*:Enabled:Pando Media Booster
"56560:UDP" = 56560:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"E:\New Folder\Update Service\Update Service.exe" = E:\New Folder\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- File not found
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0128A79D-D481-448E-89E1-F697B70DEC44}" = Thomson Clinical Xpert
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA DVD Decoder
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0CEFF1-BA8D-4B6B-BA54-4733C308172B}" = CEcraft Pinball : Angel Egg
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{55251924-B51C-4E66-8199-5258672518C5}" = Epocrates Essentials for Pocket PC
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110080840}" = Cue Club
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90AB0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9CFF910-6B4D-434A-85E8-F8A385140174}" = Belkin 11Mbps Wireless USB Network Adapter
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED5FE275-944A-4E31-A109-FC9CD9E5AEA4}" = NVIDIA Media Center extensions for DVD
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
"42 Bit Scanner" = 42 Bit Scanner
"AC3Filter" = AC3Filter (remove only)
"ACNP Certification Prep with Tutor Testing Software" = ACNP Certification Prep with Tutor Testing Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"Azureus Vuze" = Azureus Vuze
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Baseball Addict" = Baseball Addict
"BilliardMaster" = BilliardMaster
"Blaze Media Pro" = Blaze Media Pro
"Bowling Master" = Bowling Master
"Call of Duty 2 for Pocket PC" = Call of Duty 2 for Pocket PC
"Clean My Registry_is1" = Clean My Registry v5.2
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free Medical Dictionary_is1" = Free Medical Dictionary 1.0
"Google Maps With GPS Tracker_is1" = 15.0
"Hexacto ScoreCast" = Hexacto ScoreCast
"High Seas" = High Seas
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Infinite Ventures BattleDwarves_ARM" = Infinite Ventures BattleDwarves_ARM
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.15
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RealPlayer 12.0" = RealPlayer
"StarBurn(GiveAwayOfTheDay)_is1" = StarBurn(GiveAwayOfTheDay) Version 10 (Build 0x20080730)
"Starships Unlimited v33.50" = Starships Unlimited v3
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Medicos" = Medicos
"Trader Workstation" = Trader Workstation

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2010 11:39:00 PM | Computer Name = ERICCJ | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 5/14/2010 12:06:26 AM | Computer Name = ERICCJ | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2010 12:06:33 AM | Computer Name = ERICCJ | Source = Application Hang | ID = 1001
Description = Fault bucket 1608518328.

Error - 5/14/2010 12:26:00 AM | Computer Name = ERICCJ | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2010 12:26:04 AM | Computer Name = ERICCJ | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2010 12:33:28 AM | Computer Name = ERICCJ | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 5/14/2010 9:21:15 AM | Computer Name = ERICCJ | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 5/14/2010 3:02:19 PM | Computer Name = ERICCJ | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 5/15/2010 10:41:22 AM | Computer Name = ERICCJ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2010 10:41:44 AM | Computer Name = ERICCJ | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ OSession Events ]
Error - 8/12/2009 1:56:55 PM | Computer Name = ERICCJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91513
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 9/1/2009 3:04:34 PM | Computer Name = ERICCJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4595
seconds with 360 seconds of active time. This session ended with a crash.

Error - 9/22/2009 1:20:48 PM | Computer Name = ERICCJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95602
seconds with 3540 seconds of active time. This session ended with a crash.

Error - 10/8/2009 12:13:09 AM | Computer Name = ERICCJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32237
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 11/2/2009 8:44:58 PM | Computer Name = ERICCJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 248010
seconds with 2460 seconds of active time. This session ended with a crash.

Error - 12/15/2009 4:09:43 PM | Computer Name = ERICCJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 96465
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/15/2010 1:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 2:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 3:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At13.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 4:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 5:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 6:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 7:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 8:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 9:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 5/15/2010 10:37:00 PM | Computer Name = ERICCJ | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402


< End of report >


#4 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 17 May 2010 - 05:32 AM

Hi,

Please try to run a scan with GMER again. Before scanning, uncheck the option "Devices" and let me know if the program still freezes for you.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 thisaintgood

  • Topic Starter

  • Members
  • 10 posts

Posted 17 May 2010 - 04:52 PM

Hi Myrti,

I tried to run GMER but couldn't get it to complete.

First time I got a BSOD and code D0000144

Second time I got a BSOD and 0x0000007F (all the rest 0's)

The third and fourth time my computer restarted itself after GMER had been running for 10-15 min.

When I restart my computer, Microsoft Installer comes on trying to install ActiveSync 4.5 (used to sync my phone) and Hitman Pro 3.5 also starts to scan my computer. I hit cancel for both.

-Eric

#6 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 17 May 2010 - 05:43 PM

Hi,

One final try, please:
uncheck everything except Sections, as shown in this picture:


Let me know if the scan does now complete.

regards myrti



#7 thisaintgood

  • Topic Starter

  • Members
  • 10 posts

Posted 17 May 2010 - 09:23 PM

O.K. Finally got it to run. It froze when I tried to save the log the first time and gave me the BSOD D0000144, but I was able to get it the second time.

Attached Files

  • ark.txt (69.34KB)


#8 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 18 May 2010 - 11:58 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#9 thisaintgood

  • Topic Starter

  • Members
  • 10 posts

Posted 18 May 2010 - 01:49 PM

Hi Myrti,
I hope this is progress...

This is what I got from ComboFix

ComboFix 10-05-16.06 - Eric J 05/18/2010 10:55:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.537 [GMT -7:00]
Running from: c:\documents and settings\Eric J\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
The following files were disabled during the run:
c:\documents and settings\Eric J\Local Settings\Application Data\Windows Server\ozwuee.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\YwQ886a3.exe
c:\documents and settings\Eric J\Local Settings\Application Data\Windows Server
c:\documents and settings\Eric J\Local Settings\Application Data\Windows Server\ozwuee.dll
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Creative\VoiceCenter\AndreaVC .exe
c:\program files\Creative\VoiceCenter\AndreaVC .exe
c:\program files\Creative\VoiceCenter\AndreaVC .exe
c:\program files\Creative\VoiceCenter\AndreaVC .exe
c:\program files\Creative\VoiceCenter\AndreaVC .exe
c:\program files\Creative\VoiceCenter\AndreaVC .exe
c:\program files\Microsoft ActiveSync\wcescomm .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\scdata
c:\program files\scdata\images\i1.gif
c:\program files\scdata\images\i2.gif
c:\program files\scdata\images\i3.gif
c:\program files\scdata\images\j1.gif
c:\program files\scdata\images\j2.gif
c:\program files\scdata\images\j3.gif
c:\program files\scdata\images\jj1.gif
c:\program files\scdata\images\jj2.gif
c:\program files\scdata\images\jj3.gif
c:\program files\scdata\images\l1.gif
c:\program files\scdata\images\l2.gif
c:\program files\scdata\images\l3.gif
c:\program files\scdata\images\pix.gif
c:\program files\scdata\images\t1.gif
c:\program files\scdata\images\t2.gif
c:\program files\scdata\images\Thumbs.db
c:\program files\scdata\images\up1.gif
c:\program files\scdata\images\up2.gif
c:\program files\scdata\images\w1.gif
c:\program files\scdata\images\w11.gif
c:\program files\scdata\images\w2.gif
c:\program files\scdata\images\w3.jpg
c:\program files\scdata\images\word.doc
c:\program files\scdata\images\wt1.gif
c:\program files\scdata\images\wt2.gif
c:\program files\scdata\images\wt3.gif
c:\program files\scdata\wispex.html
c:\program files\skynet.dat
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\6334.exe
c:\windows\system32\Data
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\esuhu.sys
c:\windows\system32\drivers\hbxpqf.sys
c:\windows\system32\drivers\mfncknp.sys
c:\windows\system32\PRAGMAerrors.log
c:\windows\system32\PRAGMAsrcr.dat
c:\windows\system32\skinboxer43.dll
c:\windows\system32\twain.dll
c:\windows\UpdReg .exe
e:\malwa\Malwarebytes' Anti-Malware\mbam.exe

c:\program files\Common Files\Java\Java Update\jusched .exe ---^> c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Creative\VoiceCenter\AndreaVC         .exe ---^> c:\program files\Creative\VoiceCenter\AndreaVC.exe
c:\program files\Microsoft ActiveSync\wcescomm   .exe ---^> c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\QuickTime\qttask         .exe ---^> c:\program files\QuickTime\qttask.exe

.
Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMAPYLQIENWEV
-------\Service_PRAGMApylqienwev
-------\Legacy_fptbt
-------\Legacy_mgptk
-------\Legacy_pxps
-------\Service_fptbt
-------\Service_mgptk
-------\Service_pxps


((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-15 19:39 . 2010-05-15 19:39 -------- d-----w- c:\program files\Runtime Software
2010-05-12 10:29 . 2010-05-12 10:29 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-08 14:38 . 2010-05-08 14:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-05-07 17:02 . 2010-05-07 17:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-06 02:16 . 2010-05-06 23:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-06 02:04 . 2010-05-17 20:24 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-06 02:03 . 2010-05-06 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-06 02:03 . 2010-05-18 17:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-05 17:53 . 2010-05-05 17:53 -------- d-----w- c:\documents and settings\Eric J\Application Data\Smart PC Solutions
2010-05-05 17:20 . 2010-05-06 21:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 19:49 . 2010-05-12 10:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 11:20 . 2010-05-01 11:20 -------- d-----w- C:\Digital Protection
2010-05-01 10:52 . 2010-05-01 10:52 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-30 23:56 . 2010-04-30 23:56 4736 ----a-w- c:\windows\system32\o.sys
2010-04-30 20:53 . 2010-04-30 20:56 -------- dc-h--w- c:\windows\ie8
2010-04-30 20:22 . 2010-04-30 20:22 -------- d-----w- c:\documents and settings\Eric J\Application Data\ElevatedDiagnostics
2010-04-30 18:42 . 2010-04-30 18:42 -------- d-----w- c:\documents and settings\Eric J\Application Data\Malwarebytes
2010-04-30 18:41 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 18:41 . 2010-04-30 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-30 18:41 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 18:10 . 2010-04-30 18:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 18:26 . 2009-02-05 01:16 -------- d-----w- c:\program files\QuickTime
2010-05-18 18:26 . 2007-12-31 03:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-18 17:22 . 2010-04-30 23:56 112 ----a-w- c:\documents and settings\All Users\Application Data\hy666r.dat
2010-05-16 16:09 . 2009-10-27 03:42 -------- d-----w- c:\program files\Google
2010-05-05 17:21 . 2008-03-23 02:51 -------- d-----w- c:\program files\Common Files\Java
2010-05-05 17:20 . 2008-03-23 02:52 -------- d-----w- c:\program files\Java
2010-05-01 02:01 . 2009-07-16 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-30 17:35 . 2007-12-31 05:10 71104 ----a-w- c:\documents and settings\Eric J\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-28 00:16 . 2010-03-18 15:44 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-28 00:16 . 2010-03-18 15:44 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-28 00:16 . 2010-03-18 15:44 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-28 00:16 . 2010-03-18 15:44 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-28 00:16 . 2010-03-18 15:44 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-28 00:16 . 2010-03-18 15:44 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-28 00:16 . 2010-03-18 15:44 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-28 00:16 . 2010-03-18 15:44 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-28 00:16 . 2008-03-19 02:09 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-28 00:16 . 2008-03-19 02:09 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-23 14:14 . 2009-12-28 22:57 -------- d-----w- c:\program files\McAfee.com
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-09-09 19:07 . 2008-09-09 19:07 1070 -c--a-w- c:\program files\Quicken.QIF
.
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Creative\MediaSource\Detector\CTDetect .exe
c:\program files\Hitman Pro 3.5\HitmanPro35[1] .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Pando Networks\Media Booster\PMB .exe
c:\windows\ehome\ehtray .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC .exe" [N/A]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-16 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"Malwarebytes Anti-Malware (rootkit-scan)"="e:\malwa\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35[1].exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Eric J\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\New Folder\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56560:TCP"= 56560:TCP:Pando Media Booster
"56560:UDP"= 56560:UDP:Pando Media Booster

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/18/2010 8:44 AM 82952]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [10/28/2007 8:35 AM 583128]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [10/26/2007 6:53 AM 250560]
R2 k;k;c:\windows\system32\o.sys [4/30/2010 4:56 PM 4736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2009 4:00 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/18/2010 8:44 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/18/2010 8:44 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/18/2010 8:44 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [3/18/2010 8:44 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/18/2010 8:44 AM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/18/2010 8:44 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/18/2010 8:44 AM 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 9:51 PM 135664]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\bkusbxp.sys [12/30/2007 7:13 PM 101099]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7/16/2009 12:35 PM 13224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/18/2010 8:44 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/18/2010 8:44 AM 83496]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [7/16/2009 12:45 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [7/16/2009 12:45 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [7/16/2009 12:45 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [7/16/2009 12:45 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [7/16/2009 12:45 PM 98568]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/5/2008 1:50 PM 717296]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 04:51]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 04:51]

2010-05-17 c:\windows\Tasks\User_Feed_Synchronization-{793AAD76-8D15-4B7B-A33E-C86070D96789}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HitmanPro35 - c:\program files\Hitman Pro 3.5\HitmanPro35[1].exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 11:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ba,53,47,b4,cb,4e,46,a7,11,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ba,53,47,b4,cb,4e,46,a7,11,59,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(8332)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\ERICJ~1\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-05-18 11:42:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 18:41

Pre-Run: 4,141,232,128 bytes free
Post-Run: 5,925,027,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - AE6ACCDCDED9776ECCF7BBF75779251A


#10 myrti


Posted 18 May 2010 - 05:29 PM

Hi,

this is definitely progress, but there is some more left. Please run this script:

Open notepad and copy/paste the text in the quotebox below into it:

CODE
RenV::
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Creative\MediaSource\Detector\CTDetect .exe
c:\program files\Hitman Pro 3.5\HitmanPro35[1] .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Pando Networks\Media Booster\PMB .exe
c:\windows\ehome\ehtray .exe

Folder::
c:\documents and settings\Eric J\Local Settings\Application Data\Windows Server
Collect::
c:\windows\system32\o.sys
Driver::
k


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
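Every entry in the RenV:: list above shares one trait: a space sits between the file name and .exe (mcagent .exe beside the legitimate mcagent.exe), and the ESET results later in the thread identify those spaced copies as Win32/TrojanDownloader.Unruy.BN. As an added illustration that is not part of the original post and not ComboFix's own code, this Python parser scans ComboFix-style Run-key and path lines for that pattern and reports the name the program would normally have; the sample lines are constructed from values in this thread.

```python
import re
from typing import List, Optional, Tuple

# Match a drive-letter path ending in an executable-type extension.
# Non-greedy so that a Run-key value such as
#   "c:\program files\QuickTime\qttask .exe -atboottime" [X]
# yields only the path, not the trailing arguments or ComboFix tag.
# The lookahead also stops ".com" in "McAfee.com\Agent" from ending a match.
PATH_RE = re.compile(
    r'[a-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|com)(?=$|["\s:])',
    re.IGNORECASE,
)

# Constructed sample: Run-key lines and bare paths in the style of the
# ComboFix logs and the RenV:: list in this thread. Three entries carry
# the space-before-extension pattern; the others are ordinary paths that
# also contain spaces and must NOT be flagged.
SAMPLE_LOG_LINES = [
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]',
    r'"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]',
    r'"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC .exe" [N/A]',
    r'"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]',
    r'Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]',
    r'c:\program files\Hitman Pro 3.5\HitmanPro35[1] .exe',
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES)


def normalise_spaced_path(path: str) -> Optional[str]:
    """If the file name has whitespace right before its extension
    (e.g. 'qttask .exe'), return the path with that whitespace removed,
    i.e. the name the legitimate program normally has. Otherwise None.
    Spaces elsewhere in the name ('Adobe Gamma Loader.exe') are normal."""
    directory, sep, basename = path.rpartition("\\")
    stem, dot, ext = basename.rpartition(".")
    if not dot:
        return None
    stripped = stem.rstrip()
    if stripped == stem or not stripped:
        return None
    return f"{directory}{sep}{stripped}.{ext}"


def find_spaced_executables(log_text: str) -> List[Tuple[int, str, str]]:
    """Scan ComboFix-style log text and return (line_no, spaced_path,
    expected_path) for every path whose file name carries whitespace
    immediately before its extension."""
    hits: List[Tuple[int, str, str]] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for match in PATH_RE.finditer(line):
            spaced = match.group(0)
            expected = normalise_spaced_path(spaced)
            if expected is not None:
                hits.append((line_no, spaced, expected))
    return hits


def format_report(hits: List[Tuple[int, str, str]]) -> str:
    """One line per hit, naming the suspicious path and its normal spelling."""
    return "\n".join(
        f"line {line_no}: {spaced!r} (legitimate name would be {expected!r})"
        for line_no, spaced, expected in hits
    )


if __name__ == "__main__":
    print(format_report(find_spaced_executables(SAMPLE_LOG)))
```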


#11 thisaintgood


Posted 18 May 2010 - 06:51 PM

O.K. so I copied the script, saved it and dragged it into ComboFix like you said. A window popped up saying there was a new version of ComboFix available, do I want to download it, I clicked no. ComboFix ran, when it rebooted my computer, Hitman Pro 3.5 tried to start (didn't do that last time I ran ComboFix) and I clicked cancel. I also got a window that popped up stating "error loading CTMBHA.DLL A dynamic link library (DLL) initialization routine failed". I clicked O.K. and ComboFix resumed what it was doing and then gave me this log...

I was connected to the internet, but no window/message box came up at the end of ComboFix running.

OOPS! I just checked and saw that McAfee had turned my firewall on again (before I did the above steps I assume). It is now off for good (what I thought I did before). Should I run through this again? Sorry for the screw up.


ComboFix 10-05-16.06 - Eric J 05/18/2010 16:05:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -7:00]
Running from: c:\documents and settings\Eric J\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric J\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

file zipped: c:\windows\system32\o.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ERICJ~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Eric J\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\system32\o.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_K
-------\Service_k


((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-15 19:39 . 2010-05-15 19:39 -------- d-----w- c:\program files\Runtime Software
2010-05-12 10:29 . 2010-05-12 10:29 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-08 14:38 . 2010-05-08 14:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-05-07 17:02 . 2010-05-07 17:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-06 02:16 . 2010-05-06 23:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-06 02:04 . 2010-05-17 20:24 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-06 02:03 . 2010-05-06 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-06 02:03 . 2010-05-18 23:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-05 17:53 . 2010-05-05 17:53 -------- d-----w- c:\documents and settings\Eric J\Application Data\Smart PC Solutions
2010-05-05 17:20 . 2010-05-06 21:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 19:49 . 2010-05-12 10:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 11:20 . 2010-05-01 11:20 -------- d-----w- C:\Digital Protection
2010-05-01 10:52 . 2010-05-01 10:52 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-30 20:53 . 2010-04-30 20:56 -------- dc-h--w- c:\windows\ie8
2010-04-30 20:22 . 2010-04-30 20:22 -------- d-----w- c:\documents and settings\Eric J\Application Data\ElevatedDiagnostics
2010-04-30 18:42 . 2010-04-30 18:42 -------- d-----w- c:\documents and settings\Eric J\Application Data\Malwarebytes
2010-04-30 18:41 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 18:41 . 2010-04-30 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-30 18:41 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 18:10 . 2010-04-30 18:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 18:26 . 2009-02-05 01:16 -------- d-----w- c:\program files\QuickTime
2010-05-18 18:26 . 2007-12-31 03:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-18 17:22 . 2010-04-30 23:56 112 ----a-w- c:\documents and settings\All Users\Application Data\hy666r.dat
2010-05-16 16:09 . 2009-10-27 03:42 -------- d-----w- c:\program files\Google
2010-05-05 17:21 . 2008-03-23 02:51 -------- d-----w- c:\program files\Common Files\Java
2010-05-05 17:20 . 2008-03-23 02:52 -------- d-----w- c:\program files\Java
2010-05-01 02:01 . 2009-07-16 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-30 17:35 . 2007-12-31 05:10 71104 ----a-w- c:\documents and settings\Eric J\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-28 00:16 . 2010-03-18 15:44 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-28 00:16 . 2010-03-18 15:44 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-28 00:16 . 2010-03-18 15:44 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-28 00:16 . 2010-03-18 15:44 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-28 00:16 . 2010-03-18 15:44 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-28 00:16 . 2010-03-18 15:44 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-28 00:16 . 2010-03-18 15:44 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-28 00:16 . 2010-03-18 15:44 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-28 00:16 . 2008-03-19 02:09 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-28 00:16 . 2008-03-19 02:09 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-23 14:14 . 2009-12-28 22:57 -------- d-----w- c:\program files\McAfee.com
2010-03-10 06:15 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-09-09 19:07 . 2008-09-09 19:07 1070 -c--a-w- c:\program files\Quicken.QIF
.
CODE
c:\program files\McAfee.com\Agent\mcagent .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC .exe" [N/A]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-16 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"Malwarebytes Anti-Malware (rootkit-scan)"="e:\malwa\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Eric J\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\New Folder\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56560:TCP"= 56560:TCP:Pando Media Booster
"56560:UDP"= 56560:UDP:Pando Media Booster

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/18/2010 8:44 AM 82952]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [10/28/2007 8:35 AM 583128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2009 4:00 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/18/2010 8:44 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/18/2010 8:44 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/18/2010 8:44 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [3/18/2010 8:44 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/18/2010 8:44 AM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/18/2010 8:44 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/18/2010 8:44 AM 88480]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [10/26/2007 6:53 AM 250560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 9:51 PM 135664]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\bkusbxp.sys [12/30/2007 7:13 PM 101099]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7/16/2009 12:35 PM 13224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/18/2010 8:44 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/18/2010 8:44 AM 83496]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [7/16/2009 12:45 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [7/16/2009 12:45 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [7/16/2009 12:45 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [7/16/2009 12:45 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [7/16/2009 12:45 PM 98568]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/5/2008 1:50 PM 717296]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 04:51]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 04:51]

2010-05-18 c:\windows\Tasks\User_Feed_Synchronization-{793AAD76-8D15-4B7B-A33E-C86070D96789}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ba,53,47,b4,cb,4e,46,a7,11,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ba,53,47,b4,cb,4e,46,a7,11,59,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1680)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-05-18 16:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 23:35
ComboFix2.txt 2010-05-18 18:42

Pre-Run: 5,911,388,160 bytes free
Post-Run: 5,873,147,904 bytes free

- - End Of File - - CF251AA0A3E65CBCAF408B79C0763749


#12 myrti


Posted 18 May 2010 - 07:07 PM

Hi,

this is looking much better. How is your PC doing? Let me know if the error continues appearing on boot.

It seems the upload wasn't successful. Please go to C:\qoobox\quarantine and locate the file [4]Submit_<date and time>.zip, where date and time are the date and time when you ran ComboFix. Afterwards please visit this site and follow the instructions for uploading the file.

regards myrti



#13 thisaintgood


Posted 18 May 2010 - 08:21 PM

I uploaded the zip file.

Rebooted my computer. It is no longer trying to install ActiveSync (will add/delete it and reinstall it after this virus stuff is finished). HitmanPro 3.5 still tries to scan at startup, I would like to delete that program (through add/delete) if you say it is o.k.

IE and google do not seem to be redirecting me. Very Nice!

#14 myrti


Posted 19 May 2010 - 07:45 AM

Hi,

thanks for the upload! Yes, feel free to remove HitmanPro.

Please also run a scan with Eset to check for leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
regards myrti

Edited by myrti, 19 May 2010 - 07:45 AM.



#15 thisaintgood


Posted 19 May 2010 - 02:35 PM

Myrti,

O.K. did the scan and this is what it found. The box (delete or quarantine? infected files) was checked too.
Thanks.

C:\Documents and Settings\Eric J\Application Data\Sun\Java\Deployment\cache\6.0\15\4fcd05cf-39ab98f8 probably a variant of Java/TrojanDownloader.Agent.AB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Eric J\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-2b840213 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Documents and Settings\Eric J\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-45f07ee2 multiple threats deleted - quarantined
C:\Documents and Settings\Eric J\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-113c5ef0 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\299bd202-4e7c2964 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\YwQ886a3.exe.vir Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Eric J\Local Settings\Application Data\Windows Server\ozwuee.dll.vir Win32/Bamital.AV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Common Files\Java\Java Update\jusched.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Creative\VoiceCenter\AndreaVC .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Creative\VoiceCenter\AndreaVC .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Creative\VoiceCenter\AndreaVC .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Creative\VoiceCenter\AndreaVC .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Creative\VoiceCenter\AndreaVC .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Creative\VoiceCenter\AndreaVC .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Microsoft ActiveSync\wcescomm .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\scdata\wispex.html.vir Win32/Adware.WinAntiVirus application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\disk.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\Qoobox\Quarantine\E\malwa\Malwarebytes' Anti-Malware\mbam.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0002006.com Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011132.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011170.dll Win32/Bamital.AV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011205.sys Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011243.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011244.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011245.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011246.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011247.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011248.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011249.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011250.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011251.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011252.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011253.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011254.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011255.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011256.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011257.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2A168195-5AEB-420E-9F10-B879681416FF}\RP1\A0011258.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\WINDOWS\ehome\ehtray.exe.tmp Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined




