Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google searches redirected and unwanted new browser windows opening


  • This topic is locked This topic is locked
11 replies to this topic

#1 eoneill

eoneill

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 08 June 2010 - 04:17 PM

Hello there,

My daughter's laptop was recently infected by AV Security Suite. Our computers are on the same network and even though we haven't shared files, my browser is now hijacked as well. I ran the GMER scan but it wouldn't let me tick all of the subheadings you requested in your preparation guide. Here are the DDS and GMER logs:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Eileen at 16:40:39.42 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8180.5991 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\AERTSr64.exe
C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxdwserv.exe
C:\Windows\system32\lxdwcoms.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Eileen\Desktop\gmer\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Eileen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [SacReminderHDDV2N] c:\programdata\officeguardianv2n\reminder\SacReminder.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Lexmark 7600 Series] "c:\program files (x86)\lexmark 7600 series\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\users\eileen\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [(Default)]
mRun-x64: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun-x64: [lxbkbmgr.exe] "c:\program files (x86)\lexmark x1100 series\lxbkbmgr.exe"
mRun-x64: [lxdwmon.exe] "c:\program files (x86)\lexmark 7600 series\lxdwmon.exe"
mRun-x64: [lxdwamon] "c:\program files (x86)\lexmark 7600 series\lxdwamon.exe"

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-3-10 53488]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-10 308296]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2009-3-10 86016]
R2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\officeguardianv2n\UACProxy.exe [2010-3-29 83848]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\lxdwserv.exe [2008-5-16 33960]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-10 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-10 155456]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\officeguardianv2n\reminder\SacNetAgent.exe [2010-3-29 140168]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2009-3-10 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-10 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-10 49480]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-10 40904]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-06-04 22:14:17 0 d-----w- c:\windows\pss
2010-06-04 21:49:51 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-05-26 02:14:01 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-26 02:14:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 00:47:37 974848 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 00:47:36 738816 ----a-w- c:\windows\syswow64\inetcomm.dll

==================== Find3M ====================

2010-05-12 15:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-04-12 21:29:27 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-12 21:29:26 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-12 21:29:25 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-12 21:29:19 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-04-05 23:33:31 6466 ----a-w- c:\users\eileen\appdata\roaming\wklnhst.dat
2009-12-15 04:11:02 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-15 04:11:02 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-15 04:11:01 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-15 04:11:01 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-26 19:28:24 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-26 19:28:24 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-26 19:28:24 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-12-26 19:28:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-03-23 04:38:40 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-03-10 07:42:47 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:40:53.37 ===============

You will find the other logs attached.


Thanks in advance,

eoneill

Attached Files



BC AdBot (Login to Remove)

 


#2 eoneill

eoneill
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 10 June 2010 - 05:57 PM

hello???

#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:21 AM

Posted 12 June 2010 - 04:28 AM

Hi,
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy-paste following contents into custom scan -area:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 eoneill

eoneill
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 12 June 2010 - 05:10 PM

Hello Blade81!

Thanks so much for helping me. Here are the logs you requested:

OTL logfile created on: 6/12/2010 5:53:07 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Eileen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 332.17 Gb Free Space | 73.64% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.54 Gb Total Space | 447.42 Gb Free Space | 96.11% Space Free | Partition Type: NTFS
Drive G: | 124.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Eileen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Eileen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (SAC)
PRC - C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\Program Files (x86)\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmsdmon.exe ()
PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Eileen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (lxdw_device) -- C:\Windows\SysNative\lxdwcoms.exe ( )
SRV:64bit: - (lxdwCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe ()
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SacNetAgentService_C57C4F854F53) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (SAC)
SRV - (CFUACProxy_officeguardianv2n) -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (hnmsvc) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (lxdw_device) -- C:\Windows\SysWow64\lxdwcoms.exe ( )
SRV - (lxbk_device) -- C:\Windows\SysWow64\lxbkcoms.exe ( )
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 04:06:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe ()
O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Lexmark 7600 Series] C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21 68.105.28.11
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/09 21:33:51 | 000,000,044 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/12/07 06:15:22 | 000,000,097 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a290e8d2-3b89-11df-93c8-00219b2d84d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a290e8d2-3b89-11df-93c8-00219b2d84d6}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe -- [2010/04/16 11:45:28 | 001,140,616 | R--- | M] (Storage Appliance Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 23:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 23:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 17:51:00 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Eileen\Desktop\OTL.exe
[2010/06/11 21:08:06 | 000,000,000 | ---D | C] -- C:\Users\Eileen\Desktop\Computer Repair Info
[2010/06/11 21:06:32 | 000,000,000 | ---D | C] -- C:\Users\Eileen\AppData\Roaming\Malwarebytes
[2010/06/11 21:06:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/11 21:06:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/11 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/11 21:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/09 04:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/08 16:29:30 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 16:29:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/08 16:29:30 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 16:29:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/08 16:29:21 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/06/08 16:29:21 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/08 16:29:21 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/08 16:29:21 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/08 16:29:21 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/06/08 16:29:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/06/08 16:29:21 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/08 16:29:21 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/06/08 16:29:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/06/08 16:29:20 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/08 16:29:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/06/08 16:29:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/08 16:29:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/08 16:29:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/08 16:29:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/06/08 16:29:20 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/08 16:29:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/06/08 16:29:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/06/08 16:29:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/08 16:29:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/08 16:29:18 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/06/08 16:29:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/06/08 16:29:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/08 16:29:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/08 16:29:17 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/06/08 16:29:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/06/08 16:29:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/06/08 16:29:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/06/08 16:29:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/06/08 16:29:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/06/08 16:29:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/08 16:29:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/06/08 16:29:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/08 16:29:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/08 16:29:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/04 18:14:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009/08/25 19:56:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwinpa.dll
[2009/08/25 19:56:01 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwiesc.dll
[2009/08/25 19:56:00 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwpmui.dll
[2009/08/25 19:55:59 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwserv.dll
[2009/08/25 19:55:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwusb1.dll
[2009/08/25 19:55:58 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwhbn3.dll
[2009/08/25 19:55:58 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwlmpm.dll
[2009/08/25 19:55:57 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomc.dll
[2009/08/25 19:55:57 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomm.dll
[2009/03/22 16:24:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2009/03/22 16:24:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2009/03/22 16:24:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2009/03/22 16:24:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2009/03/22 16:24:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2009/03/22 16:24:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2009/03/22 16:24:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2009/03/22 16:24:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2009/03/22 16:24:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2009/03/22 16:24:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2009/03/22 16:24:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/12 17:54:39 | 002,359,296 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT
[2010/06/12 17:51:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Eileen\Desktop\OTL.exe
[2010/06/12 17:48:25 | 000,021,849 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/06/12 17:47:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 17:47:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 17:47:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/12 17:47:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/12 17:47:25 | 4283,617,279 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/12 15:03:50 | 000,524,288 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/12 15:03:50 | 000,065,536 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/11 23:35:57 | 002,648,778 | -H-- | M] () -- C:\Users\Eileen\AppData\Local\IconCache.db
[2010/06/11 21:06:23 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/09 20:20:18 | 000,025,600 | ---- | M] () -- C:\Users\Eileen\Documents\Glen Lennox Apartment styles.doc
[2010/06/09 05:27:37 | 000,280,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/06 18:27:11 | 000,001,771 | ---- | M] () -- C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/06/04 19:12:16 | 476,825,294 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/26 13:23:46 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/26 11:10:41 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/11 21:06:23 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/09 20:20:18 | 000,025,600 | ---- | C] () -- C:\Users\Eileen\Documents\Glen Lennox Apartment styles.doc
[2010/06/04 18:53:51 | 000,437,266 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistMSI2F10.txt
[2010/06/04 18:53:49 | 000,011,482 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI2F10.txt
[2010/06/04 18:53:49 | 000,010,558 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI2F11.txt
[2010/06/04 18:22:20 | 4283,617,279 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/04 17:49:51 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/06/04 17:48:33 | 000,439,610 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistMSI7D1C.txt
[2010/06/04 17:48:33 | 000,011,450 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI7D1C.txt
[2010/06/04 17:48:33 | 000,010,606 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI7D1D.txt
[2009/12/02 22:26:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 22:26:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/25 19:59:52 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2009/08/25 19:59:52 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2009/08/25 19:59:52 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2009/08/25 19:56:02 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDWinst.dll
[2009/08/25 19:56:02 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdwcomx.dll
[2009/03/22 16:27:05 | 000,000,236 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/22 16:24:50 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2009/03/22 16:24:50 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2009/03/10 04:12:29 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/03/10 04:12:29 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/03/10 04:12:29 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/06/24 20:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/03/10 04:12:38 | 000,003,538 | RH-- | M] () -- C:\dell.sdr
[2010/06/12 17:47:25 | 4283,617,279 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/12 17:47:22 | 302,268,414 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >



OTL Extras logfile created on: 6/12/2010 5:53:07 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Eileen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 332.17 Gb Free Space | 73.64% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.54 Gb Total Space | 447.42 Gb Free Space | 96.11% Space Free | Partition Type: NTFS
Drive G: | 124.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Eileen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = D3 5E A4 E3 5E 7B CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1981055513-4272255210-3435094930-1000]
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C177509-1A32-4C8F-9E2E-09715BFF72ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{323B57BF-55D8-41E7-BFC2-C240D3129FAC}" = lport=53271 | protocol=17 | dir=in | app=c:\programdata\officeguardianv2n\reminder\sacnetagent.exe |
"{9749DC42-E124-45EC-BCD2-D31EB16238E8}" = lport=53272 | protocol=6 | dir=in | app=c:\programdata\officeguardianv2n\reminder\sacnetagent.exe |
"{AC45BBD8-C1A1-4645-99C6-D635A081BAD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B0A5DF-DE37-402A-97A3-B3E0820C3CFB}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{048A62F1-86C4-41B0-B565-1A8E66777372}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe |
"{234C4F07-9A23-4CAF-B0E5-EA7DBF7C2694}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe |
"{2BAF101F-2F60-4E56-9165-4E6649BBEF4A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{31790012-D4D2-4E38-A85B-71A488470B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe |
"{37A64A11-7D13-4E10-90FC-B5BF76339F1B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{3C5DB471-38FF-4DEB-AD6E-331ABFCCEC1C}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{4115052C-52A1-49AA-A1C8-08D06EE8358C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{41909F21-5806-4462-AB9D-D06C092E9736}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4671BC71-BC38-4E1B-AB73-F7747B8E0323}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{4ADD4F86-B3AD-4C32-AA82-EF95DCFFFC42}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe |
"{5331F360-24C9-475B-8A5B-A16511262881}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{5CCDC3A7-584E-43BD-9180-D84FE19CFC2E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe |
"{6401BF66-0DAC-4CF2-A8FB-111D79D7ABD3}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe |
"{7251350B-D81F-45D5-8470-986C3ABE6E74}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe |
"{7C5927E8-C7F5-4727-82A2-EA10636BB496}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7EFD91BB-AF3C-4892-A5D1-25D4A2500E9A}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{858F6A05-A110-4360-9775-75F2E817CF05}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{869CEE6D-4954-4C1F-A642-B24ED5E9A45B}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{871109A7-C818-450F-90CA-9D1FACD7BBD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{886ADE1C-552C-47E3-B032-5BEC476D8F02}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{8F058BF2-9CC3-4340-9263-44D0806522C8}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{95C2EC8C-1F1B-4CEC-BACD-2C6F7960240B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{BD2A3BF6-0FE3-4426-AEE0-E625A216C4D1}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D0CEC53E-E22F-414E-90AA-DA76E88793A9}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{D44BDC56-695C-47DA-B82E-B34C7BD67C85}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe |
"{E4A2475D-8D9E-4636-B95C-BC63C550519C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe |
"{E5E616D7-8FCD-47D0-B89B-9592336F628F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{E5EE9B6D-B876-4103-BFD2-D0E7687FFE75}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E7FE0036-C3C8-49A8-9C51-10A8880B9CDE}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Lexmark 7600 Series" = Lexmark 7600 Series
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{48E8E6E4-5E59-43A6-8E6D-FF4D8C5F5992}" = Ancestry World Archives Project - Keying Tool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat (remove only)
"Family Tree Maker 2009" = Family Tree Maker 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSC" = McAfee SecurityCenter
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2010 5:48:08 PM | Computer Name = Dell | Source = Perflib | ID = 1023
Description =

Error - 6/4/2010 5:53:35 PM | Computer Name = Dell | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4424 (0x1148) Thread address : 0x00000000779970AA Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\USERS\EILEEN\APPDATA\LOCAL\TEMP\JRE-6U20-WINDOWS-I586-IFTW-RV.EXE

by C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 6/4/2010 6:00:17 PM | Computer Name = Dell | Source = WinMgmt | ID = 10
Description =

Error - 6/4/2010 6:16:25 PM | Computer Name = Dell | Source = EventSystem | ID = 4609
Description =

Error - 6/4/2010 6:17:27 PM | Computer Name = Dell | Source = WinMgmt | ID = 10
Description =

Error - 6/4/2010 6:23:37 PM | Computer Name = Dell | Source = WinMgmt | ID = 10
Description =

Error - 6/4/2010 6:49:05 PM | Computer Name = Dell | Source = WinMgmt | ID = 10
Description =

Error - 6/4/2010 6:58:19 PM | Computer Name = Dell | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.0.0.435
Exception
Code : 0X00000000C0000005 Exception Address : 0X000000000040A081 Exception
Parameters : 2 Param 1 = 0X0000000000000001 Param 2 = 0X0000000000000014 More information
: ScanRequest : NTName is \Device\HarddiskVolume3\Windows\system32\mshtml.tlb.

Error - 6/4/2010 6:58:19 PM | Computer Name = Dell | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4696 (0x1258) Thread address : 0x0000000077AF70AA Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\USERS\EILEEN\APPDATA\LOCAL\TEMP\JRE-6U20-WINDOWS-I586-IFTW-RV.EXE

by C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 6/4/2010 7:09:02 PM | Computer Name = Dell | Source = Application Error | ID = 1000
Description = Faulting application lxdwcoms.exe, version 8.4.13.0, time stamp 0x481bac34,
faulting module lxdwhcp.dll, version 8.4.13.0, time stamp 0x481bac4a, exception
code 0xc0000005, fault offset 0x000000000002ccc0, process id 0xa40, application
start time 0x01cb0437f65c637c.

[ Media Center Events ]
Error - 9/30/2009 7:27:44 PM | Computer Name = Dell | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/3/2009 12:26:17 AM | Computer Name = Dell | Source = HTTP | ID = 15016
Description =

Error - 4/3/2009 12:26:47 AM | Computer Name = Dell | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/3/2009 1:57:59 PM | Computer Name = Dell | Source = HTTP | ID = 15016
Description =

Error - 4/3/2009 1:58:30 PM | Computer Name = Dell | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/3/2009 2:04:31 PM | Computer Name = Dell | Source = Service Control Manager | ID = 7000
Description =

Error - 4/4/2009 10:34:49 PM | Computer Name = Dell | Source = HTTP | ID = 15016
Description =

Error - 4/4/2009 10:35:21 PM | Computer Name = Dell | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/5/2009 9:31:30 AM | Computer Name = Dell | Source = HTTP | ID = 15016
Description =

Error - 4/5/2009 9:31:59 AM | Computer Name = Dell | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/5/2009 11:13:05 AM | Computer Name = Dell | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:07:08 AM on 4/5/2009 was unexpected.


< End of report >



Thank you so much!

eoneill

#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:21 AM

Posted 13 June 2010 - 04:53 AM

Hi,

Are both systems connected to internet via same router? Which brand and model?


Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21 68.105.28.11
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post results + a new OTL log

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 eoneill

eoneill
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 13 June 2010 - 07:25 PM

Hello Blade,

I wasn't sure what you meant by "then post results + a new OTL log." Only one log appeared after I rebooted my computer, so I ran another scan with OTL and have included both logs here. Yes, both computers connect to the internet via the same router- a linksys WRT54GL v1.1.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eileen
->Temp folder emptied: 1735365 bytes
->Temporary Internet Files folder emptied: 63160688 bytes
->Java cache emptied: 57885870 bytes
->Flash cache emptied: 41374 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98505138 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 6155783 bytes

Total Files Cleaned = 217.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06132010_201217

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_3krFMLUKa0kD9n2 not found!
File\Folder C:\Windows\temp\mcmsc_bmOnje7r9g4AC8e not found!
File\Folder C:\Windows\temp\mcmsc_hBYC2LsrdoPQ7nE not found!
File\Folder C:\Windows\temp\mcmsc_XhPTFXZOS5OVncL not found!
File\Folder C:\Windows\temp\sqlite_8NTaed62v6DtSqV not found!
File\Folder C:\Windows\temp\sqlite_g5BLTl3zc1OUpn5 not found!
File\Folder C:\Windows\temp\sqlite_Lqj3CbAHgpkCmMG not found!
File\Folder C:\Windows\temp\sqlite_xAc4gKmF8PLKmBL not found!

Registry entries deleted on Reboot...




OTL logfile created on: 6/13/2010 8:20:17 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Eileen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 333.01 Gb Free Space | 73.83% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.54 Gb Total Space | 447.42 Gb Free Space | 96.11% Space Free | Partition Type: NTFS
Drive G: | 124.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Eileen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Eileen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (SAC)
PRC - C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\Program Files (x86)\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmsdmon.exe ()
PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Eileen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (lxdw_device) -- C:\Windows\SysNative\lxdwcoms.exe ( )
SRV:64bit: - (lxdwCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe ()
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SacNetAgentService_C57C4F854F53) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (SAC)
SRV - (CFUACProxy_officeguardianv2n) -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (hnmsvc) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (lxdw_device) -- C:\Windows\SysWow64\lxdwcoms.exe ( )
SRV - (lxbk_device) -- C:\Windows\SysWow64\lxbkcoms.exe ( )
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 04:06:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe ()
O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Lexmark 7600 Series] C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21 68.105.28.11
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/09 21:33:51 | 000,000,044 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/12/07 06:15:22 | 000,000,097 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a290e8d2-3b89-11df-93c8-00219b2d84d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a290e8d2-3b89-11df-93c8-00219b2d84d6}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe -- [2010/04/16 11:45:28 | 001,140,616 | R--- | M] (Storage Appliance Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/13 20:12:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/12 17:51:00 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Eileen\Desktop\OTL.exe
[2010/06/11 21:08:06 | 000,000,000 | ---D | C] -- C:\Users\Eileen\Desktop\Computer Repair Info
[2010/06/11 21:06:32 | 000,000,000 | ---D | C] -- C:\Users\Eileen\AppData\Roaming\Malwarebytes
[2010/06/11 21:06:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/11 21:06:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/11 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/11 21:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/09 04:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/08 16:29:30 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 16:29:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/08 16:29:30 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 16:29:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/08 16:29:21 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/06/08 16:29:21 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/08 16:29:21 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/08 16:29:21 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/08 16:29:21 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/06/08 16:29:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/06/08 16:29:21 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/08 16:29:21 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/06/08 16:29:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/06/08 16:29:20 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/08 16:29:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/06/08 16:29:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/08 16:29:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/08 16:29:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/08 16:29:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/06/08 16:29:20 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/08 16:29:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/06/08 16:29:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/06/08 16:29:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/08 16:29:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/08 16:29:18 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/06/08 16:29:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/06/08 16:29:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/08 16:29:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/08 16:29:17 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/06/08 16:29:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/06/08 16:29:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/06/08 16:29:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/06/08 16:29:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/06/08 16:29:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/06/08 16:29:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/08 16:29:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/06/08 16:29:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/08 16:29:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/08 16:29:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/04 18:14:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009/08/25 19:56:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwinpa.dll
[2009/08/25 19:56:01 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwiesc.dll
[2009/08/25 19:56:00 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwpmui.dll
[2009/08/25 19:55:59 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwserv.dll
[2009/08/25 19:55:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwusb1.dll
[2009/08/25 19:55:58 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwhbn3.dll
[2009/08/25 19:55:58 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwlmpm.dll
[2009/08/25 19:55:57 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomc.dll
[2009/08/25 19:55:57 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomm.dll
[2009/03/22 16:24:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2009/03/22 16:24:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2009/03/22 16:24:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2009/03/22 16:24:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2009/03/22 16:24:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2009/03/22 16:24:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2009/03/22 16:24:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2009/03/22 16:24:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2009/03/22 16:24:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2009/03/22 16:24:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2009/03/22 16:24:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/13 20:20:39 | 002,359,296 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT
[2010/06/13 20:15:16 | 000,021,849 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/06/13 20:14:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 20:14:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 20:14:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/13 20:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/13 20:14:27 | 4283,617,279 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 20:13:28 | 000,524,288 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 20:13:28 | 000,065,536 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/13 20:13:27 | 006,291,456 | -H-- | M] () -- C:\Users\Eileen\AppData\Local\IconCache.db
[2010/06/12 17:51:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Eileen\Desktop\OTL.exe
[2010/06/11 21:06:23 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/09 20:20:18 | 000,025,600 | ---- | M] () -- C:\Users\Eileen\Documents\Glen Lennox Apartment styles.doc
[2010/06/09 05:27:37 | 000,280,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/06 18:27:11 | 000,001,771 | ---- | M] () -- C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/06/04 19:12:16 | 476,825,294 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/26 13:23:46 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/26 11:10:41 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/11 21:06:23 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/09 20:20:18 | 000,025,600 | ---- | C] () -- C:\Users\Eileen\Documents\Glen Lennox Apartment styles.doc
[2010/06/04 18:53:51 | 000,437,266 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistMSI2F10.txt
[2010/06/04 18:53:49 | 000,011,482 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI2F10.txt
[2010/06/04 18:53:49 | 000,010,558 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI2F11.txt
[2010/06/04 18:22:20 | 4283,617,279 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/04 17:49:51 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/06/04 17:48:33 | 000,439,610 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistMSI7D1C.txt
[2010/06/04 17:48:33 | 000,011,450 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI7D1C.txt
[2010/06/04 17:48:33 | 000,010,606 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI7D1D.txt
[2009/12/02 22:26:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 22:26:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/25 19:59:52 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2009/08/25 19:59:52 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2009/08/25 19:59:52 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2009/08/25 19:56:02 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDWinst.dll
[2009/08/25 19:56:02 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdwcomx.dll
[2009/03/22 16:27:05 | 000,000,236 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/22 16:24:50 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2009/03/22 16:24:50 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2009/03/10 04:12:29 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/03/10 04:12:29 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/03/10 04:12:29 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


Thank you!
eoneill

#7 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:21 AM

Posted 14 June 2010 - 04:01 AM

Hi,

You have to restore router to factory default settings and change default password to stronger one. Example of reseting here.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#8 eoneill

eoneill
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 14 June 2010 - 12:32 PM

Hey,

I just finished resetting the router and everything. Should everything be okay now?

Thanks!

#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:21 AM

Posted 14 June 2010 - 01:22 PM

Hi,

Reboot system and see if redirecting occurs. Post also a fresh otl.txt log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#10 eoneill

eoneill
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 15 June 2010 - 05:58 PM

Rebooted and everything seems to be working well. Here's the OTL:

OTL logfile created on: 6/15/2010 6:50:32 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Eileen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 333.68 Gb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.54 Gb Total Space | 447.42 Gb Free Space | 96.11% Space Free | Partition Type: NTFS
Drive G: | 124.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Eileen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Eileen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (SAC)
PRC - C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmsdmon.exe ()
PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Eileen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (lxdw_device) -- C:\Windows\SysNative\lxdwcoms.exe ( )
SRV:64bit: - (lxdwCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe ()
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SacNetAgentService_C57C4F854F53) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (SAC)
SRV - (CFUACProxy_officeguardianv2n) -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (hnmsvc) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (lxdw_device) -- C:\Windows\SysWow64\lxdwcoms.exe ( )
SRV - (lxbk_device) -- C:\Windows\SysWow64\lxbkcoms.exe ( )
SRV - (Apache2.2) -- C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (dsl-db) -- C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 04:06:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe ()
O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Lexmark 7600 Series] C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/09 21:33:51 | 000,000,044 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/12/07 06:15:22 | 000,000,097 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a290e8d2-3b89-11df-93c8-00219b2d84d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a290e8d2-3b89-11df-93c8-00219b2d84d6}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe -- [2010/04/16 11:45:28 | 001,140,616 | R--- | M] (Storage Appliance Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/13 20:12:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/12 17:51:00 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Eileen\Desktop\OTL.exe
[2010/06/11 21:08:06 | 000,000,000 | ---D | C] -- C:\Users\Eileen\Desktop\Computer Repair Info
[2010/06/11 21:06:32 | 000,000,000 | ---D | C] -- C:\Users\Eileen\AppData\Roaming\Malwarebytes
[2010/06/11 21:06:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/11 21:06:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/11 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/11 21:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/09 04:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/08 16:29:30 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 16:29:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/08 16:29:30 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 16:29:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/08 16:29:21 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/06/08 16:29:21 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/08 16:29:21 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/08 16:29:21 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/08 16:29:21 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/06/08 16:29:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/06/08 16:29:21 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/08 16:29:21 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/06/08 16:29:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/06/08 16:29:20 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/08 16:29:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/06/08 16:29:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/08 16:29:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/08 16:29:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/08 16:29:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/06/08 16:29:20 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/08 16:29:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/06/08 16:29:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/06/08 16:29:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/08 16:29:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/08 16:29:18 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/06/08 16:29:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/06/08 16:29:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/08 16:29:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/08 16:29:17 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/06/08 16:29:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/06/08 16:29:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/06/08 16:29:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/06/08 16:29:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/06/08 16:29:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/06/08 16:29:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/08 16:29:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/06/08 16:29:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/08 16:29:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/08 16:29:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/04 18:14:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009/08/25 19:56:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwinpa.dll
[2009/08/25 19:56:01 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwiesc.dll
[2009/08/25 19:56:00 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwpmui.dll
[2009/08/25 19:55:59 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwserv.dll
[2009/08/25 19:55:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwusb1.dll
[2009/08/25 19:55:58 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwhbn3.dll
[2009/08/25 19:55:58 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwlmpm.dll
[2009/08/25 19:55:57 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomc.dll
[2009/08/25 19:55:57 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomm.dll
[2009/03/22 16:24:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2009/03/22 16:24:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2009/03/22 16:24:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2009/03/22 16:24:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2009/03/22 16:24:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2009/03/22 16:24:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2009/03/22 16:24:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2009/03/22 16:24:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2009/03/22 16:24:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2009/03/22 16:24:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2009/03/22 16:24:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/15 18:54:18 | 002,359,296 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT
[2010/06/15 18:49:53 | 000,022,583 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/06/15 18:49:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 18:49:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 18:49:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/15 18:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/15 18:48:54 | 4283,617,279 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/14 23:44:30 | 000,524,288 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 23:44:30 | 000,065,536 | -HS- | M] () -- C:\Users\Eileen\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/14 13:33:06 | 001,485,267 | -H-- | M] () -- C:\Users\Eileen\AppData\Local\IconCache.db
[2010/06/12 17:51:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Eileen\Desktop\OTL.exe
[2010/06/11 21:06:23 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/09 20:20:18 | 000,025,600 | ---- | M] () -- C:\Users\Eileen\Documents\Glen Lennox Apartment styles.doc
[2010/06/09 05:27:37 | 000,280,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/06 18:27:11 | 000,001,771 | ---- | M] () -- C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/06/04 19:12:16 | 476,825,294 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/26 13:23:46 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/26 11:10:41 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/11 21:06:23 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/09 20:20:18 | 000,025,600 | ---- | C] () -- C:\Users\Eileen\Documents\Glen Lennox Apartment styles.doc
[2010/06/04 18:53:51 | 000,437,266 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistMSI2F10.txt
[2010/06/04 18:53:49 | 000,011,482 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI2F10.txt
[2010/06/04 18:53:49 | 000,010,558 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI2F11.txt
[2010/06/04 18:22:20 | 4283,617,279 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/04 17:49:51 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/06/04 17:48:33 | 000,439,610 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistMSI7D1C.txt
[2010/06/04 17:48:33 | 000,011,450 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI7D1C.txt
[2010/06/04 17:48:33 | 000,010,606 | ---- | C] () -- C:\Users\Eileen\AppData\Local\dd_vcredistUI7D1D.txt
[2009/12/02 22:26:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 22:26:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/25 19:59:52 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2009/08/25 19:59:52 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2009/08/25 19:59:52 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2009/08/25 19:56:02 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDWinst.dll
[2009/08/25 19:56:02 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdwcomx.dll
[2009/03/22 16:27:05 | 000,000,236 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/22 16:24:50 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2009/03/22 16:24:50 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2009/03/10 04:12:29 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/03/10 04:12:29 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/03/10 04:12:29 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


Thanks!
thumbup.gif
eoneill

#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:21 AM

Posted 16 June 2010 - 10:21 AM

Looks good for the final steps smile.gif


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.


  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Run Secunia vulnerability check here and fix its findings.


  • Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade cool.gif

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #12 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Finland
    • Local time:04:21 AM

    Posted 25 June 2010 - 08:30 AM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users