Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Virus? Windows XP disappeared, browser redirected to vip-127.com


  • This topic is locked This topic is locked
38 replies to this topic

#1 midnite500

midnite500

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 30 May 2010 - 07:29 PM

Can someone help? A couple of days ago, my computer started acting strange. These issues occured:

1. Windows XP THEME disappeared so I am only left with a Windows "Classic" THEME. I thought that Windows XP was not running under run/services.msc but it appears to be "started" and running.

2. Browser would be redirected to vip-127.com (or something like that). It may not be vip-127.com but it is something like that. It hasn't happened for a few hours so I cannot recall the exact website. But I think virus is lurking.

3. Intermittent connectivity issues in which browser address is 0.0.0.0. This does not appear to be an issue now.

I ran Malwarebytes, McAfee and Spybot and could not find anything. I believe this is a relatively new virus because I googled it and it appears that people have been getting it in the past week.

Can you help or look at my HiJack and Combofix logs below? Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:28:06 PM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMicrosoft Security EssentialsMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
c:program filescommon fileslogishrdlvmvfmLVPrcSrv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exe
C:WINDOWSsystem32CTsvcCDA.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
C:Program FilesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe
C:Program FilesJavajre6binjqs.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesTrend MicroRUBottedTMRUBotted.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTomTom HOME 2TomTomHOMEService.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:WINDOWSsystem32dllhost.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSstsystra.exe
C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe
C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe
C:WINDOWSsystem32Rundll32.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:WINDOWSvVX1000.exe
C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
C:Program FilesMicrosoft Security Essentialsmsseces.exe
C:Program FilesTrend MicroRUBottedTMRUBottedTray.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesDigital Line DetectDLG.exe
C:DOCUME~1PatrickLOCALS~1Tempclclean.0001
C:WINDOWSSystem32svchost.exe
C:Program FilesiPodbiniPodService.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesTrend MicroHijackThisHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:Program FilesBAEBAE.dll
O2 - BHO: (no name) - {d2c905c7-3f0b-4a30-acac-252fa584541f} - (no file)
O2 - BHO: (no name) - {E47C5D1F-7D17-4214-9D6F-148C817341A5} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:Program FilesAskBarDisbarbinaskBar.dll (file missing)
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe
O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r
O4 - HKLM..Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE
O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe
O4 - HKLM..Run: [LogitechCommunicationsManager] "C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe"
O4 - HKLM..Run: [LXBUCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [DMXLauncher] C:Program FilesDellMedia ExperienceDMXLauncher.exe
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [McAfee Backup] "C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe"
O4 - HKLM..Run: [MSSE] "C:Program FilesMicrosoft Security Essentialsmsseces.exe" -hide -runkey
O4 - HKLM..Run: [TMRUBottedTray] "C:Program FilesTrend MicroRUBottedTMRUBottedTray.exe"
O4 - HKCU..Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Yahoo! Pager] "C:PROGRA~1Yahoo!MESSEN~1YAHOOM~1.EXE" -quiet
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [WUAppSetup] C:Program FilesCommon FileslogishrdWUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [WUAppSetup] C:Program FilesCommon FileslogishrdWUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1Office10EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {19c4c5b2-ef74-42ba-adff-c2e3d9dfa69b} - C:WINDOWSsystem32mst122.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:Program FilesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:program filescommon fileslogishrdlvmvfmLVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:Program FilesCommon FilesLogiShrdSrvLnchSrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:WINDOWSsystem32lxbucoms.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:Program FilesTrend MicroRUBottedTMRUBotted.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:Program FilesTomTom HOME 2TomTomHOMEService.exe

--
End of file - 14403 bytes






ComboFix 10-05-30.02 - Patrick 05/30/2010 21:07:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.383 [GMT -4:00]
Running from: c:documents and settingsPatrickDesktopComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32_003424_.tmp.dll
c:windowssystem32_003425_.tmp.dll
c:windowssystem32_003426_.tmp.dll
c:windowssystem32_003427_.tmp.dll
c:windowssystem32_003434_.tmp.dll
c:windowssystem32_003435_.tmp.dll
c:windowssystem32_003436_.tmp.dll
c:windowssystem32_003437_.tmp.dll
c:windowssystem32_003439_.tmp.dll
c:windowssystem32_003440_.tmp.dll
c:windowssystem32_003443_.tmp.dll
c:windowssystem32_003444_.tmp.dll
c:windowssystem32_003446_.tmp.dll
c:windowssystem32_003447_.tmp.dll
c:windowssystem32_003448_.tmp.dll
c:windowssystem32_003450_.tmp.dll
c:windowssystem32_003452_.tmp.dll
c:windowssystem32_003453_.tmp.dll
c:windowssystem32_003454_.tmp.dll
c:windowssystem32_003458_.tmp.dll
c:windowssystem32_003459_.tmp.dll
c:windowssystem32_003461_.tmp.dll
c:windowssystem32_003464_.tmp.dll
c:windowssystem32_003466_.tmp.dll
c:windowssystem32_003467_.tmp.dll
c:windowssystem32_003468_.tmp.dll
c:windowssystem32_003469_.tmp.dll
c:windowssystem32_003470_.tmp.dll
c:windowssystem32_003473_.tmp.dll
c:windowssystem32_003474_.tmp.dll
c:windowssystem32_003475_.tmp.dll
c:windowssystem32_003476_.tmp.dll
c:windowssystem32_003477_.tmp.dll
c:windowssystem32_003482_.tmp.dll
c:windowssystem32_003484_.tmp.dll
c:windowssystem32_003485_.tmp.dll
c:windowssystem32Data
c:windowswiaserviv.log
J:autorun.inf

Infected copy of c:windowssystem32driverscdrom.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-30 23:49 . 2010-05-30 23:49 -------- d-----w- c:windowssystem32wbemRepository
2010-05-30 21:48 . 2010-05-30 21:48 -------- d-----w- c:documents and settingsPatrickLocal SettingsApplication DataPCHealth
2010-05-30 21:48 . 2010-05-30 21:48 -------- d-----w- c:documents and settingsNetworkServiceLocal SettingsApplication DataPCHealth
2010-05-30 15:13 . 2008-03-02 07:28 206608 ----a-w- c:windowssystem32driversTMPassthru.sys
2010-05-30 15:01 . 2010-05-30 15:02 -------- d-----w- c:program filesMicrosoft Security Essentials
2010-05-25 13:11 . 2010-05-25 13:11 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataMozilla
2010-05-25 13:10 . 2010-05-25 13:10 -------- d-sh--w- c:documents and settingsAdministratorIECompatCache
2010-05-25 13:09 . 2010-05-25 13:09 -------- d-sh--w- c:documents and settingsAdministratorPrivacIE
2010-05-06 00:45 . 2010-05-06 00:45 -------- d-----w- c:program filesMSECache
2010-05-02 14:54 . 2010-05-02 14:54 -------- d-----w- c:program filesiPod
2010-05-02 14:47 . 2010-05-02 14:48 -------- d-----w- c:program filesBonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 23:43 . 2008-09-13 04:21 -------- d-----w- c:documents and settingsAll UsersApplication DataGoogle Updater
2010-05-30 23:15 . 2007-09-19 21:53 -------- d-----w- c:program filesComcastToolbar
2010-05-30 21:57 . 2009-11-21 04:16 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-05-30 15:13 . 2006-10-29 13:51 -------- d-----w- c:program filesTrend Micro
2010-05-30 15:13 . 2006-10-22 17:35 -------- d--h--w- c:program filesInstallShield Installation Information
2010-05-25 11:46 . 2009-04-22 02:14 -------- d-----w- c:documents and settingsPatrickApplication DataFrostWire
2010-05-15 15:10 . 2007-12-15 18:31 -------- d-----w- c:program filesMcAfee
2010-05-08 12:28 . 2006-11-10 02:03 80800 ----a-w- c:documents and settingsPatrickLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-02 14:54 . 2007-08-15 23:47 -------- d-----w- c:program filesiTunes
2010-05-02 14:53 . 2007-07-19 22:08 -------- d-----w- c:program filesCommon FilesApple
2010-05-02 14:44 . 2008-11-25 05:43 -------- d-----w- c:program filesSafari
2010-04-29 19:39 . 2009-11-21 04:16 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 19:39 . 2009-11-21 04:16 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-04-19 21:41 . 2008-02-11 02:19 -------- d-----w- c:documents and settingsPatrickApplication DataMove Networks
2010-04-16 02:05 . 2010-04-16 02:03 -------- d-----w- c:documents and settingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-16 01:59 . 2010-04-16 01:58 -------- d-----w- c:program filesQuickTime
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:windowssystem32dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:windowssystem32dns-sd.exe
2010-03-10 06:15 . 2005-08-16 08:18 420352 ----a-w- c:windowssystem32vbscript.dll
2009-12-17 00:56 . 2009-12-17 00:56 4844296 ----a-w- c:program filesmbam-setup.exe
2009-11-26 13:44 . 2009-11-26 13:44 6598232 ----a-w- c:program filesJuice22Setup.exe
2007-01-21 04:55 . 2007-01-21 04:30 17177896 ----a-w- c:program filesInstall_Messenger.exe
2007-01-21 04:33 . 2007-01-21 04:33 415784 ----a-w- c:program filesmsgr8us.exe
2006-11-30 00:56 . 2006-11-30 00:56 5055504 ----a-w- c:program filesTMASInstall_EN_US.exe
2006-11-04 01:31 . 2006-11-04 01:31 2262376 ----a-w- c:program filesTMASInstall_DR_US.exe
2006-10-29 12:51 . 2006-10-29 12:51 8 --sh--r- c:windowssystem325FE2C29D48.sys
2006-10-29 12:52 . 2006-10-29 12:51 2516 --sha-w- c:windowssystem32KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ehTray"="c:windowsehomeehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:program filesIntelIntel Matrix Storage ManagerIaanotif.exe" [2006-07-06 151552]
"CTSysVol"="c:program filesCreativeSBAudigySurround MixerCTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:windowsUpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:program filesCommon FilesInstallShieldUpdateServiceissch.exe" [2006-03-20 86960]
"DLA"="c:windowsSystem32DLADLACTRLW.EXE" [2005-09-08 122940]
"VX1000"="c:windowsvVX1000.exe" [2007-04-10 709992]
"LogitechCommunicationsManager"="c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe" [2007-02-08 488984]
"LXBUCATS"="c:windowsSystem32spoolDRIVERSW32X863LXBUtime.dll" [2004-11-02 69632]
"DMXLauncher"="c:program filesDellMedia ExperienceDMXLauncher.exe" [2005-10-05 94208]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2010-03-17 47392]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2010-04-28 142120]
"McAfee Backup"="c:program filesMcAfeeMBKMcAfeeDataBackup.exe" [2009-07-09 5134864]
"MSSE"="c:program filesMicrosoft Security Essentialsmsseces.exe" [2010-02-21 1093208]
"TMRUBottedTray"="c:program filesTrend MicroRUBottedTMRUBottedTray.exe" [2008-11-06 288088]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"WUAppSetup"="c:program filesCommon FileslogishrdWUApp32.exe" [2007-10-12 439568]

c:documents and settingsAll UsersStart MenuProgramsStartup
Digital Line Detect.lnk - c:program filesDigital Line DetectDLG.exe [2006-10-22 24576]
Microsoft Office.lnk - c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]
@="Service"

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=c:windowspssAdobe Reader Speed Launch.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupLogitech Desktop Messenger.lnk
backup=c:windowspssLogitech Desktop Messenger.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^Patrick^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:documents and settingsPatrickStart MenuProgramsStartupTrend Micro Anti-Spyware.lnk
backup=c:windowspssTrend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:program filesComcastDesktop Doctorbinsprtcmd.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEzPrint]
2004-09-17 17:24 61440 ----a-w- c:program filesLexmark 6200 Seriesezprint.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFaxCenterServer]
2004-08-24 19:26 299008 ----a-w- c:program filesLexmark Fax Solutionsfm3032.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:program filesiTunesiTunesHelper.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitechQuickCamRibbon]
2007-02-08 06:13 774168 ----a-w- c:program filesLogitechQuickCam10QuickCam10.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreglxbumon.exe]
2005-01-18 14:35 196608 ----a-w- c:program filesLexmark 6200 Serieslxbumon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmcagent_exe]
2009-10-29 11:54 1218008 ----a-w- c:program filesMcAfee.comAgentmcagent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:program filesSpybot - Search & DestroyTeaTimer.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTomTomHOME.exe]
2009-08-27 15:05 247144 ----a-w- c:program filesTomTom HOME 2TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYahoo! Pager]
2007-08-30 21:43 4670704 ----a-w- c:program filesYahoo!MessengerYahooMessenger.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"c:Program FilesYahoo!MessengerYahooMessenger.exe"=
"c:Program FilesYahoo!MessengerYServer.exe"=
"c:Program FilesMessengermsmsgs.exe"=
"c:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe"=
"c:Program FilesWindows LiveMessengerwlcsdk.exe"=
"c:Program FilesCommon FilesMcAfeeMNAMcNASvc.exe"=
"c:Program FilesWindows LiveMessengermsnmsgr.exe"=
"c:Program FilesBonjourmDNSResponder.exe"=
"c:Program FilesiTunesiTunes.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 RUBotted;Trend Micro RUBotted Service;c:program filesTrend MicroRUBottedTMRUBotted.exe [5/30/2010 11:13 AM 582992]
R2 TomTomHOMEService;TomTomHOMEService;c:program filesTomTom HOME 2TomTomHOMEService.exe [8/27/2009 11:05 AM 92008]
R3 TMPassthruMP;TMPassthruMP;c:windowssystem32driversTMPassthru.sys [5/30/2010 11:13 AM 206608]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:windowssystem32driversTMPassthru.sys [5/30/2010 11:13 AM 206608]
.
Contents of the 'Scheduled Tasks' folder

2010-05-14 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 16:34]

2010-05-31 c:windowsTasksGoogle Software Updater.job
- c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-09-13 03:00]

2010-02-15 c:windowsTasksMcDefragTask.job
- c:progra~1mcafeemqcQcConsol.exe [2007-12-15 16:22]

2009-04-01 c:windowsTasksMcQcTask.job
- c:progra~1mcafeemqcQcConsol.exe [2007-12-15 16:22]

2007-10-13 c:windowsTasksMicrosoft_Hardware_Launch_vVX1000_exe.job
- c:windowsvVX1000.exe [2007-10-13 21:46]

2010-05-31 c:windowsTasksMP Scheduled Scan.job
- c:program filesMicrosoft Security EssentialsMpCmdRun.exe [2009-12-09 22:02]

2010-05-31 c:windowsTasksMpIdleTask.job
- c:program filesMicrosoft Security EssentialsMpCmdRun.exe [2009-12-09 22:02]

2010-05-31 c:windowsTasksUser_Feed_Synchronization-{6F251EA0-1DC0-4E06-9038-2D2E7EA14B4F}.job
- c:windowssystem32msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:program filesYahoo!Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:progra~1MI1933~1Office10EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:program filesYahoo!Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:program filesYahoo!Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:program filesYahoo!Common/ycsms.htm
Trusted Zone: blackrock.comcitrix.amrs
Trusted Zone: intuit.comttlc
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:program filesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
FF - ProfilePath - c:documents and settingsPatrickApplication DataMozillaFirefoxProfilesokk2selu.default
FF - plugin: c:documents and settingsPatrickApplication DataFacebooknpfbplugin_1_0_1.dll
FF - plugin: c:documents and settingsPatrickApplication DataFacebooknpfbplugin_1_0_3.dll
FF - plugin: c:documents and settingsPatrickApplication DataMove Networkspluginsnpqmp071505000011.dll
FF - plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF - plugin: c:program filesViewpointViewpoint Experience TechnologynpViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

BHO-{d2c905c7-3f0b-4a30-acac-252fa584541f} - (no file)
BHO-{E47C5D1F-7D17-4214-9D6F-148C817341A5} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:program filesAskBarDisbarbinaskBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:program filesAskBarDisbarbinaskBar.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-AppleSyncNotifier - c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 21:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
LXBUCATS = rundll32 c:windowsSystem32spoolDRIVERSW32X863LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-30 21:40:48
ComboFix-quarantined-files.txt 2010-05-31 01:40

Pre-Run: 57,022,066,688 bytes free
Post-Run: 57,248,206,848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - C93AC0B6783F3CC4C6483FB0DE2F1D2A

looks like combofix worked and windows XP is back. Internet appears to be working and browser is not being redirected to vip-127.com or whatever it was.

My only concern is if the virus is lurking in my system undetected. Thanks.

Edited by Budapest, 31 May 2010 - 05:39 PM.
Posts merged ~BP


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 02 June 2010 - 06:47 PM

Hi, one of the files Combofix found was a backdoor rootkit.


Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 midnite500

midnite500
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 03 June 2010 - 07:23 PM

Thank you etavares. This sounds really scary. I will run the programs soon one I am home.

#4 midnite500

midnite500
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 04 June 2010 - 02:34 PM

Here is my OTL log. There is only one text file. I used Defrogger to diable CD emulations. However, when I run GMER my computer freezes up. Any suggestions? Thank you again for your help.


OTL logfile created on: 6/4/2010 1:25:02 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Program Files
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 296.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 52.77 Gb Free Space | 23.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.02 Gb Total Space | 119.07 Gb Free Space | 39.95% Space Free | Partition Type: FAT32

Computer Name: D4JMZZB1
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/04 13:15:32 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Patrick\Local Settings\temp\clclean.0001
PRC - [2010/06/03 20:15:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
PRC - [2010/04/28 15:06:24 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/27 11:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/10 17:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2007/02/08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/10/22 13:36:55 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/31 10:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 20:15:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/06 18:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0247071275485184mcinstcleanup) McAfee Application Installer Cleanup (0247071275485184)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/27 11:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/10/22 13:36:55 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/01/06 18:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/06 18:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/28 20:49:59 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/08/01 15:03:36 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006/08/01 15:03:36 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/08/01 15:03:36 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/01 15:03:36 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2006/06/16 08:39:00 | 003,581,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/05 13:49:08 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2004/10/19 09:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/03 20:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 09:11:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 18:27:35 | 000,000,000 | ---D | M]

[2009/04/17 23:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2009/03/15 16:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/17 23:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/19 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\okk2selu.default\extensions
[2010/04/19 18:11:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\okk2selu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/07 15:35:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\okk2selu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/21 22:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\okk2selu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/01/25 16:37:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/30 21:29:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.5.0.1145 File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.5.0.1145 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/11/22 21:53:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/11/22 21:53:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/11/22 21:53:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/11/22 21:53:37 | 000,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\..Trusted Domains: blackrock.com ([citrix.amrs] https in Trusted sites)
O15 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3664523173-4216841774-117559635-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/09 01:44:22 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/06/04 13:17:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Patrick^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe - (Trend Micro Incorporated)
MsConfig - StartUpReg: ddoctorv2 - hkey= - key= - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark 6200 Series\ezprint.exe ()
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
MsConfig - StartUpReg: lxbumon.exe - hkey= - key= - C:\Program Files\Lexmark 6200 Series\lxbumon.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: McAfee Backup - hkey= - key= - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\Microsoft
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\WINDOWS\system32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Adobe
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/03 20:15:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010/06/02 09:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/06/02 09:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\tdsskiller
[2010/06/02 09:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/06/02 09:26:38 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/06/02 09:26:38 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/06/02 09:26:38 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/06/02 09:26:34 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/06/02 09:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/06/02 09:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/06/02 09:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/06/02 09:22:25 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/06/02 08:48:35 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/31 09:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Incomplete
[2010/05/31 08:51:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/30 20:56:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/30 20:52:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/30 20:52:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/30 20:52:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/30 20:52:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/30 20:51:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/30 20:46:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/30 17:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\PCHealth
[2010/05/30 17:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/05/30 11:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/15 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/15 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/05 20:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[271 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/04 13:35:01 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6F251EA0-1DC0-4E06-9038-2D2E7EA14B4F}.job
[2010/06/04 13:20:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/04 13:19:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/04 13:17:57 | 000,009,145 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/04 13:17:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/04 13:15:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/04 13:15:32 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/04 13:15:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/04 13:15:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 13:15:15 | 1071,685,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 21:03:56 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Patrick\ntuser.dat
[2010/06/03 21:03:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Patrick\ntuser.ini
[2010/06/03 20:15:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010/06/02 09:31:00 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/06/02 09:30:35 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2010/06/02 09:26:08 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/06/02 09:26:07 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/06/02 09:17:29 | 000,966,213 | ---- | M] () -- C:\Program Files\tdsskiller.zip
[2010/05/31 16:32:15 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/31 16:32:15 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/05/31 16:32:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/30 21:29:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/30 20:51:08 | 003,701,026 | R--- | M] () -- C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2010/05/30 20:24:46 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\HiJackThis.lnk
[2010/05/30 11:01:42 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/25 14:38:06 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\Job Search 2010.xls
[2010/05/24 19:43:25 | 001,578,310 | -H-- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2010/05/23 14:23:43 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\Budget.xls
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/13 21:45:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/12 13:25:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/10 19:43:09 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 08:28:31 | 000,080,800 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/06 19:48:50 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[271 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/02 09:31:40 | 000,009,145 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/02 09:31:00 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/06/02 09:30:35 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2010/06/02 09:26:08 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/06/02 09:26:07 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/06/02 09:17:19 | 000,966,213 | ---- | C] () -- C:\Program Files\tdsskiller.zip
[2010/05/31 16:32:14 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/05/30 20:56:41 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/05/30 20:56:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/30 20:52:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/30 20:52:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/30 20:52:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/30 20:52:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/30 20:52:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/30 20:51:03 | 003,701,026 | R--- | C] () -- C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2010/05/30 19:39:35 | 012,582,912 | ---- | C] () -- C:\Documents and Settings\Patrick\ntuser.dat
[2010/05/30 11:06:59 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/30 11:01:42 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/25 09:16:09 | 1071,685,632 | -HS- | C] () -- C:\hiberfil.sys
[2008/02/14 01:12:46 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/14 01:12:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/01 17:19:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2008/01/01 13:33:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/01/01 13:33:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/10/15 19:51:03 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/13 09:26:16 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/02/12 21:28:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/02/06 18:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/11/13 22:47:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/11/12 11:41:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/29 09:51:27 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/10/29 08:51:20 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/29 08:51:20 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\5FE2C29D48.sys
[2006/10/26 21:06:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/22 13:56:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/22 13:50:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/22 13:45:08 | 000,000,354 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/22 13:38:10 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/10/22 13:37:15 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/10/22 13:36:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/10/22 13:10:26 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/10/22 13:10:03 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/22 13:08:14 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[271 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/03 19:50:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/03 19:50:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/03 19:50:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/03 19:50:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/07/06 04:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\onboard\iastor.sys
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\i386\iaStor.sys
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/07/06 04:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\iaStor.sys
[2006/07/06 07:01:32 | 000,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 05 June 2010 - 06:09 AM

Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 10 June 2010 - 03:55 AM

still with me?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 midnite500

midnite500
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 10 June 2010 - 07:36 PM

yes. apologies. I tried running the GMER in safe mode and had to kill it after 5 hours. I am going to let it run overnight tonight and post the log (hopefully) tomorrow morning. Thank you again for your help.

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 11 June 2010 - 05:51 PM

ok, sounds good. that log is extremely helpful for redirect issues. i'll look out for it.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 midnite500

midnite500
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 12 June 2010 - 01:09 PM

I am running it now again. May take a few hours. It appears that it freezes up but then unfreezes and runs again after about 20 minutes. My computer is running hot and I can hear the fan constantly running.

Two devices are showing on the screen - both are FileSystem\Fastfat\Fat, Value F66F7D20 and Value F6707428, Not sure if these are good or bad, but will post the GMER file once complete.

Thank you for your patience!!!!

#10 midnite500

midnite500
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 12 June 2010 - 07:18 PM

etavares, below are the results of my GMER scan. I was expecting a longer type of log, but I hope this is what you need.

Also, now I am receiving a RUNDLL error message upon rebooting my computer. It says RUNDLL Error - Error loading CTMBHA.dll. A dynamic library (DLL) installation routine failed. I am not sure if this is a result of the Defrogger disable or the GMER. I have attached a word doc with the screenprint of the error message.


Thank you again for your time and help!!!


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-12 20:01:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Patrick\LOCALS~1\Temp\pwloapoc.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat F66F7D20
Device \FileSystem\Fastfat \Fat F6707428

---- EOF - GMER 1.0.15 ----

Attached Files


Edited by midnite500, 12 June 2010 - 07:21 PM.


#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 13 June 2010 - 06:50 PM

Hello, midnite500.

That error is related to your soundcard, so defogger shouldn't have impacted that. I've added it to my notes for your computer, so we'll take care of it once we take care of the malware. I did expect a longer GMER log as well, but let's press ahead.



Next, please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop as midnite500CF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on midnite500CF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#12 midnite500

midnite500
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 14 June 2010 - 08:17 PM

Oh, the soundcard. Fair enough. smile.gif Attached is my combofix log. Thanks again..


Attached Files



#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 15 June 2010 - 05:06 PM

Hello, midnite500.
First things first, it looks like there was a recent run of CF...can you please copy and paste the contents of this log directly into your reply:
C:\qoobox\ComboFix2.txt



Two Antiviruses Warning


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or Windows Security Essentials.



etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#14 midnite500

midnite500
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:50 PM

Posted 15 June 2010 - 06:41 PM

Thanks for the info on the McAfee and Windows Security Essentials. It makes sense that they may interfere with one another. I removed the Windows Security Essentials software.

Attached is the combofix file. Thanks again!

Attached Files



#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 16 June 2010 - 05:04 PM

ok, it doesn't look like it did much. are you still getting redirected to vip-127?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users