Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Search Redirector


  • This topic is locked This topic is locked
15 replies to this topic

#1 Magic Dude

Magic Dude

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 18 October 2010 - 07:54 AM

This virus/trojan redirects my search results to various sites such as us.answerfinder.info, juggle.com and various others.

I have run MalwareBytes and removed some items it has found but now it doesn't find anything nor does MCafee Scans.

Gmer.exe will not complete successfully I get error conditions with a dialog box V0350Mon.exe Instruction at Ox00F50004 could not be read, Click Ok to terminate. After running gmer.exe, the computer won't work properly and must be manually rebooted.

DDS.txt

DDS (Ver_10-10-10.03) - NTFSx86
Run by Mattr at 7:45:53.28 on Sun 10/17/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1336 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\WINDOWS\SYSTEM32\SAiDownloader.exe
C:\WINDOWS\SYSTEM32\SAiLicSvr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\V0350Mon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mattr\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = webcache.sfbay.sun.com:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: BHO Class: {b0d3d090-ce97-4e3e-a388-cfd55b1f5e63} - c:\program files\tvharmony\IEdler.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Burn4Free Toolbar Helper: {d187a56b-a33f-4cbe-9d77-459fc0bae012} - c:\program files\burn4free toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: PatentHunter: {bcb2344b-3d5b-46d7-861b-a8f27e4fe602} - c:\program files\patentwizard, llc\patenthunter3\PHToolBand.dll
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
uRun: [EssentialPIM Pro] "c:\program files\essentialpim pro\EssentialPIM.exe" /autorun
uRun: [Ditto] c:\program files\ditto\Ditto.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [V0350Mon.exe] c:\windows\V0350Mon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [tcpwindowsize.exe_executed] c:\windows\orclobi\repDB_1.exe /PN=tcpwindowsize.exe_executed /PV=1.0.0.0 /PT=05/20/10 15:53:04T /RETRY=7
mRun: [tcpwindowsize.exe_finished] c:\windows\orclobi\repDB_2.exe /PN=tcpwindowsize.exe_finished /PV=1.0.0.0 /PT=05/20/10 15:53:26T /RETRY=7
mRun: [TweakAutomaticUpdates] c:\windows\orclobi\gdswsuspatch_soon.exe /s
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
IE: &PHToolBand -
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {5CC5AADB-AD8E-433a-A5DE-46F33901281A} - c:\program files\pc techzone\merlin auctionmagic\ie toolbar\iebutton.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0} - {9A85FF39-28A4-4bf1-8290-DD075267FF35} - c:\windows\downloaded program files\ClickMap.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
DPF: bandInstaller - hxxps://sitecatalyst.omniture.com/sc12/clickmap/ClickMapInstaller.CAB
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a1/5.1.8.511/lib/quicksilver.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sunmeetings.webex.com/client/T25L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattr\applic~1\mozilla\firefox\profiles\xv6uyd8o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - plugin: c:\documents and settings\mattr\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\mattr\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-20 343760]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2009-10-20 1489984]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2010-5-20 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-10-22 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-10-22 146448]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-10-22 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-5-20 70728]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\mydesktop\MyDesktopService.exe [2010-8-24 1032704]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\mydesktop\MyDesktopQOS.exe [2009-10-13 470016]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2008-7-28 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2008-7-28 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2009-11-2 1098968]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 dsdd;dsdd;c:\windows\system32\drivers\dsvideo.sys [2010-8-19 2144]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-5-20 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-5-20 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-5-20 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-5-20 35584]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-20 91672]
R3 owcmirrorV1;owcmirrorV1;c:\windows\system32\drivers\owcmirrorminiV1.sys [2010-3-16 3712]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-1-31 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-1-31 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-1-31 170368]
S2 gupdate1caa45020ee47ca;Google Update Service (gupdate1caa45020ee47ca);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 133104]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-2-10 401920]
S3 CDVDService;CDVDService;c:\program files\1step dvd copy\CDVDService.exe [2010-9-10 348160]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-5-20 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-20 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-20 65448]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
UnknownUnknown dsload;dsload; [x]

============== File Associations ===============

.reg=Regedit.Document

=============== Created Last 30 ================

2010-10-16 13:53:34 39816 ----a-w- c:\windows\system32\HIPIS0e011af.dll
2010-10-14 04:57:01 -------- d-----w- c:\windows\pss
2010-10-13 21:04:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 21:04:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 20:58:38 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-21 15:49:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\MagicSoftware
2010-09-21 15:49:07 -------- d-----w- c:\program files\MagicDVDRipper
2010-09-18 19:23:26 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

==================== Find3M ====================

2010-10-08 21:22:34 49 ----a-w- c:\windows\wpd99.drv
2010-10-07 08:28:38 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 16:21:13 226656 ------w- c:\program files\cnsload_1282062073916.tmp
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-09 19:49:48 226656 ------w- c:\program files\cnsload_1281383388687.tmp
2010-06-09 17:03:27 226656 ------w- c:\program files\cnsload_1276103007000.tmp
2010-06-01 16:06:24 226656 ------w- c:\program files\cnsload_1275408384953.tmp
2010-05-11 16:03:47 226656 ------w- c:\program files\cnsload_1273593827921.tmp
2010-04-07 15:09:28 226656 ------w- c:\program files\cnsload_1270652968203.tmp
2010-03-11 21:06:38 226656 ------w- c:\program files\cnsload_1268341598593.tmp

============= FINISH: 7:47:45.01 ===============

Upon reading another similar post, I have decided to post the RKUnHooker results per the following instructions:

Scan With RKUnHooker

* Please Download Rootkit Unhooker Save it to your desktop.
* Now double-click on RKUnhookerLE.exe to run it.
* Click the Report tab, then click Scan.
* Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
* Wait till the scanner has finished and then click File, Save Report.
* Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB995D000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB977E000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xB0B1B000 c:\WINDOWS\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB1401000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7AC5000 timntr.sys 393216 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xB968A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB1556000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB0A0A000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBA778000 mfehidk.sys 335872 bytes (McAfee, Inc., McAfee Link Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9855000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB0CB0000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7B25000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7852000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xAF59C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB1499000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB13D7000 C:\WINDOWS\system32\DRIVERS\V0350Vid.sys 172032 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xB14E6000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB98FF000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xB150E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB0ED0000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9831000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9925000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB98C8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB13B4000 C:\WINDOWS\system32\Drivers\V0350Afx.sys 143360 bytes (Creative Technology Ltd., Advanced Audio FX Driver)
0xB14C4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB1534000 C:\WINDOWS\system32\Drivers\FireTDI.sys 139264 bytes (McAfee, Inc., McAfee HIP Application Firewall Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7A1C000 FirePM.sys 131072 bytes (McAfee, Inc., McAfee HIP Policy Manager)
0xF7832000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9760000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xBA7E4000 snapman.sys 114688 bytes (Acronis, Acronis Snapshot API)
0xBA7CA000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF787E000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xB0A8A000 C:\WINDOWS\system32\drivers\HIPK.sys 102400 bytes (McAfee, Inc., HIPS Content Driver)
0xB11DD000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xB11C4000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF74A8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB1374000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF74C0000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF795B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9749000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB121E000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7972000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xAFB5F000 C:\WINDOWS\system32\drivers\mfeavfk.sys 86016 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB0C73000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 86016 bytes (SafeNet, Inc., Sentinel System Driver (NT Parallel driver))
0xB0DF3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB98EB000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9949000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB15AF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7A3C000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xAF692000 C:\WINDOWS\system32\drivers\mfeapfk.sys 69632 bytes (McAfee, Inc., Access Protection Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9738000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9E06000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF74F7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7517000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7488000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7498000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB0FC4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9DF6000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA718000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7657000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7627000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA708000 C:\WINDOWS\system32\drivers\mfetdik.sys 57344 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7527000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7468000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7428000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7697000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7687000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7448000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76E7000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7577000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF76F7000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7587000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xBA6E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7507000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7458000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76C7000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xB9AAB000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF7478000 C:\WINDOWS\system32\DRIVERS\firehk.sys 40960 bytes (McAfee, Inc., McAfee HIP Firewall NDIS Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA738000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7677000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7647000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF76D7000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7418000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF76A7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9DE6000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7537000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7438000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA6F8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAF6A3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB07F2000 C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\Par1284.sys 36864 bytes (Warp Nine Engineering, IEEE 1284 Driver)
0xF7637000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xB9A9B000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7667000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xBA6D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7777000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xB11B4000 C:\WINDOWS\system32\drivers\HIPPSK.sys 32768 bytes (McAfee, Inc., Process Start Monitor Driver)
0xF77D7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7737000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7747000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xBA62F000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)
0xF780F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF771F000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xBA647000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB119C000 C:\WINDOWS\system32\drivers\HIPQK.sys 28672 bytes (McAfee, Inc., HipsCore Query interface)
0xF7767000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF776F000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF773F000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xBA627000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB96E8000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF774F000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7757000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xB118C000 C:\WINDOWS\system32\drivers\firelm01.sys 24576 bytes (McAfee, Inc., McAfee HIP Firewall Content Driver)
0xF77FF000 C:\WINDOWS\system32\drivers\gearaspiwdm.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA64F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77BF000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77C7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA637000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF775F000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF772F000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7727000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF77CF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7817000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF777F000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF781F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7717000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF7807000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA63F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789F000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF78AB000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF78B3000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF789B000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF78A3000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF78AF000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xBA363000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB11FA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA5D7000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB12A0000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF78A7000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA698000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB148D000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA5EB000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB1481000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA5CF000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA5E7000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF798B000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF79A9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7995000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF798D000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xB9CAA000 C:\WINDOWS\system32\DRIVERS\CVirtA.sys 8192 bytes (Cisco Systems, Inc., Cisco Systems VPN Adapter)
0xB9CA8000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xB9CB2000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79A7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7993000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7997000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF79AD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79CB000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79CD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB9CA4000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF798F000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF799F000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A09000 C:\WINDOWS\system32\DRIVERS\V0350VFx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter
Driver (Win2K based))
0xF7991000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A5A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A5C000 C:\WINDOWS\system32\DRIVERS\dsvideo.sys 4096 bytes (Oracle Corp., Video Miniport Driver)
0xF7A55000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA2DE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A53000 C:\WINDOWS\system32\DRIVERS\owcmirrorminiV1.sys 4096 bytes (Oracle Corporation, Beehive Web Conferencing Mirror Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA062000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA1F0000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [iqvw32.sys]
0x00CF0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8910B520 ] PID: 416, 307200 bytes
0x009F0000 Hidden Image-->MemeoRemoteCore.dll [ EPROCESS 0x8910B520 ] PID: 416, 36864 bytes
WARNING: Virus alike driver modification [atnt40k.sys]
0xAFC146E8 Unknown thread object [ ETHREAD 0x88EC0DA8 ] , 600 bytes
0xAFC256E8 Unknown thread object [ ETHREAD 0x88E62700 ] , 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

EDIT: Posts merged ~BP

Attached Files


Edited by Budapest, 18 October 2010 - 04:17 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 27 October 2010 - 06:45 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    winlogon.exe
    wininit.exe
    explorer.exe
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 27 October 2010 - 09:39 AM

Hi Myrti- Thanks for helping out. Here are my scans

OTL.txt

OTL logfile created on: 10/27/2010 7:19:09 AM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Mattr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 430.98 Gb Total Space | 370.62 Gb Free Space | 85.99% Space Free | Partition Type: NTFS
Drive E: | 27.84 Gb Total Space | 21.18 Gb Free Space | 76.09% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 398.62 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive G: | 483.56 Mb Total Space | 465.61 Mb Free Space | 96.29% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: Mattr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/27 07:17:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mattr\desktop\OTL.exe
PRC - [2010/10/21 07:25:23 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/21 07:25:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/24 09:11:52 | 001,032,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/05 18:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/16 20:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/11/02 14:17:00 | 001,098,968 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
PRC - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/10/20 13:25:26 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2009/10/20 13:25:22 | 001,489,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2009/10/13 12:18:12 | 000,470,016 | ---- | M] (Oracle) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
PRC - [2009/09/25 23:32:20 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/22 16:00:00 | 000,939,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\mfevtps.exe
PRC - [2009/09/02 17:59:20 | 000,035,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
PRC - [2009/08/16 12:56:22 | 000,716,800 | ---- | M] () -- C:\Program Files\Ditto\Ditto.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/08/13 05:39:08 | 003,297,280 | ---- | M] (EPIM Ltd) -- C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
PRC - [2008/04/13 17:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/19 13:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\WINDOWS\SYSTEM32\SAiLicSvr.exe
PRC - [2007/09/11 11:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\SYSTEM32\SAiDownloader.exe
PRC - [2007/06/06 22:15:07 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/04 10:02:00 | 000,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0350Mon.exe
PRC - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/27 07:17:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mattr\desktop\OTL.exe
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/08/16 12:53:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Ditto\focus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/09/10 15:00:40 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\1Step DVD Copy\CDVDService.exe -- (CDVDService)
SRV - [2010/08/24 09:11:52 | 001,032,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/05/05 18:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/16 20:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/11/02 14:17:00 | 001,098,968 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/10/20 13:25:22 | 001,489,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2009/10/13 12:18:12 | 000,470,016 | ---- | M] (Oracle) [Auto | Running] -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\mfevtps.exe -- (mfevtp)
SRV - [2009/09/02 17:59:20 | 000,035,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/12/19 13:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\WINDOWS\System32\SAiLicSvr.exe -- (SAiLicSvr)
SRV - [2007/09/11 11:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\WINDOWS\System32\SAiDownloader.exe -- (SAiDownloader)
SRV - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ivusb.sys -- (ivusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/10/03 23:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/05/05 18:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2009/11/16 14:37:30 | 000,003,712 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\owcmirrorminiV1.sys -- (owcmirrorV1)
DRV - [2009/10/22 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/10/20 13:23:46 | 000,030,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\firelm01.sys -- (firelm01)
DRV - [2009/10/20 13:23:40 | 000,145,616 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FireTDI.sys -- (FireTDI)
DRV - [2009/10/20 13:23:36 | 000,135,872 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\FirePM.sys -- (FirePM)
DRV - [2009/09/02 18:02:56 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys -- (mfetdik)
DRV - [2009/09/02 18:01:36 | 000,343,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/02 18:00:40 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2009/09/02 17:59:00 | 000,035,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIPQK.sys -- (HIPQK)
DRV - [2009/09/02 17:58:44 | 000,038,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIPPSK.sys -- (HIPPSK)
DRV - [2009/09/02 17:58:28 | 000,107,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIPK.sys -- (HIPK)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/17 15:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\firehk.sys -- (FirehkMP)
DRV - [2008/10/17 15:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\firehk.sys -- (Firehk)
DRV - [2008/10/13 14:10:19 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/13 14:10:19 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2008/10/13 14:10:09 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/05/23 17:46:12 | 000,002,144 | ---- | M] (Oracle Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsvideo.sys -- (dsdd)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2008/01/24 14:46:20 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\Par1284.sys -- (Par1284)
DRV - [2007/12/28 11:44:33 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/28 11:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 11:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/10 10:01:02 | 000,142,656 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0350Afx.sys -- (VF0350Afx)
DRV - [2007/05/10 10:02:00 | 000,170,368 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0350Vid.sys -- (VF0350Vid) Live! Cam Video IM (VF0350)
DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/03/05 03:45:04 | 000,007,424 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/20 22:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
DRV - [2005/10/21 19:10:28 | 000,010,848 | ---- | M] (Oracle Corp.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsload.sys -- (dsload)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 03:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 03:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 03:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 03:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 03:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 03:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 03:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 03:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 03:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 03:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 03:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 03:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 03:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 03:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 03:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = webcache.sfbay.sun.com:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.4.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: syncplaces@andyhalford.com:4.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.539
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..network.proxy.ftp: "webcache.sfbay.sun.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "webcache.sfbay.sun.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.ssl: "webcache.sfbay.sun.com"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/27 16:09:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2010/05/21 16:46:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/24 16:38:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.4.1\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/01/02 17:52:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.4.1\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/10/12 09:34:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 07:25:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 07:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/24 21:44:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/03 14:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Extensions
[2010/03/03 14:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/26 20:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\extensions
[2010/04/27 06:40:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/20 22:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\extensions\FFToolbar@upromise
[2010/08/31 09:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\extensions\foxyproxy@eric.h.jung
[2010/09/23 07:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\extensions\syncplaces@andyhalford.com
[2010/03/10 07:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\extensions\toolbar@alexa.com
[2010/04/28 07:04:27 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\searchplugins\bing.xml
[2010/10/25 07:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 08:37:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/10/22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/02/25 09:00:51 | 000,028,472 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/02/25 09:00:52 | 000,185,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/02/25 09:01:05 | 000,046,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2008/02/21 16:24:33 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/02/25 09:00:50 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2006/02/02 14:16:38 | 000,628,256 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll

O1 HOSTS File: ([2009/08/30 07:21:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (BHO Class) - {B0D3D090-CE97-4E3E-A388-CFD55B1F5E63} - C:\Program Files\TVHarmony\IEdler.dll (TVHarmony.com, Inc)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PatentHunter) - {BCB2344B-3D5B-46d7-861B-A8F27E4FE602} - C:\Program Files\PatentWizard, LLC\PatentHunter3\PHToolBand.dll (ISF)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\..\Toolbar\WebBrowser: (PatentHunter) - {BCB2344B-3D5B-46D7-861B-A8F27E4FE602} - C:\Program Files\PatentWizard, LLC\PatentHunter3\PHToolBand.dll (ISF)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [tcpwindowsize.exe_executed] C:\WINDOWS\orclobi\repDB_1.exe ()
O4 - HKLM..\Run: [tcpwindowsize.exe_finished] C:\WINDOWS\orclobi\repDB_2.exe ()
O4 - HKLM..\Run: [TweakAutomaticUpdates] C:\WINDOWS\OrclOBI\gdswsuspatch_soon.exe ()
O4 - HKLM..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006..\Run: [EssentialPIM Pro] C:\Program Files\EssentialPIM Pro\EssentialPIM.exe (EPIM Ltd)
O4 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SYSTEM32\TSCUPGRD.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SYSTEM32\TSCUPGRD.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-433944966-3052052324-1423479920-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: SiteCatalyst ClickMap - {5BB29DC6-4046-4aa1-B590-C29372456BA0} - C:\WINDOWS\Downloaded Program Files\ClickMap.dll ()
O9 - Extra Button: Add to AuctionMagic - {5CC5AADB-AD8E-433a-A5DE-46F33901281A} - C:\Program Files\PC TechZone\Merlin AuctionMagic\IE Toolbar\iebutton.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/US/install.cab (Reg Error: Key error.)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a1/5.1.8.511/lib/quicksilver.cab (Quicksilver Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.16)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sunmeetings.webex.com/client/T25L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: bandInstaller https://sitecatalyst.omniture.com/sc12/clickmap/ClickMapInstaller.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/31 07:32:18 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2c31d0e3-43fb-11df-b9d9-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{2c31d0e3-43fb-11df-b9d9-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c31d0e3-43fb-11df-b9d9-00059a3c7800}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 07:17:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mattr\Desktop\OTL.exe
[2010/10/27 07:03:22 | 000,039,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\HIPIS0e011af.dll
[2010/10/21 20:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mattr\My Documents\Collect_Junk
[2010/10/20 09:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mattr\My Documents\Magic
[2010/10/18 19:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mattr\Application Data\Trusteer
[2010/10/18 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/10/18 19:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/10/13 21:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/13 14:04:53 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 14:04:53 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 13:58:38 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/12 09:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/12 08:20:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/03 23:43:44 | 000,059,240 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/10/01 10:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mattr\My Documents\Oracle
[2010/01/28 15:19:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mattr\Application Data\pcouffin.sys
[8 C:\Documents and Settings\Mattr\*.tmp files -> C:\Documents and Settings\Mattr\*.tmp -> ]
[7 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[249 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 07:17:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mattr\Desktop\OTL.exe
[2010/10/27 07:12:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/27 07:06:14 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/10/27 07:05:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/27 07:03:33 | 000,040,866 | ---- | M] () -- C:\WINDOWS\System32\api_hook_list.dat
[2010/10/27 07:03:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/27 07:03:16 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/10/27 07:03:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/27 07:03:05 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/26 23:38:36 | 004,143,104 | ---- | M] () -- C:\Documents and Settings\Mattr\My Documents\MATT1.EPIM
[2010/10/26 07:32:20 | 001,736,192 | ---- | M] () -- C:\Documents and Settings\Mattr\My Documents\MATT1.backup_20101026_0732.epim
[2010/10/25 16:42:00 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/10/25 10:25:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/25 07:32:36 | 001,735,168 | ---- | M] () -- C:\Documents and Settings\Mattr\My Documents\MATT1.backup_20101025_0732.epim
[2010/10/22 06:49:36 | 000,000,031 | ---- | M] () -- C:\Documents and Settings\Mattr\Application Data\CM.Ini
[2010/10/20 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/20 19:15:01 | 000,030,324 | ---- | M] () -- C:\Tivo.192.168.1.3.20.xml
[2010/10/20 19:14:56 | 000,023,456 | ---- | M] () -- C:\Tivo.192.168.1.3.0.xml
[2010/10/20 09:31:33 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\Mattr\Desktop\Shortcut to Magic.lnk
[2010/10/20 09:30:50 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\Mattr\Desktop\Shortcut to Oracle.lnk
[2010/10/18 22:50:55 | 000,010,317 | ---- | M] () -- C:\Documents and Settings\Mattr\My Documents\Jessica.schools.ods
[2010/10/18 10:16:25 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Mattr\Desktop\RKUnhookerLE.EXE
[2010/10/17 09:40:18 | 000,285,230 | ---- | M] () -- C:\Documents and Settings\Mattr\Desktop\gmer.zip
[2010/10/17 09:39:06 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mattr\Desktop\dds.scr
[2010/10/17 07:43:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mattr\defogger_reenable
[2010/10/15 18:05:50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mattr\Desktop\gmer.exe
[2010/10/13 18:54:29 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 18:51:33 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Mattr\Desktop\Glary Utilities.lnk
[2010/10/13 18:32:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 09:34:15 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 20:06:11 | 000,443,900 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/10/11 20:06:11 | 000,072,572 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/10/11 20:05:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Mattr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/07 01:28:38 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\KevlarSigs.dll
[2010/10/06 20:18:17 | 000,014,401 | ---- | M] () -- C:\Documents and Settings\Mattr\My Documents\Finances.ods
[2010/10/05 13:56:35 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Mattr\My Documents\profile.xls
[2010/10/05 09:04:04 | 000,879,243 | ---- | M] () -- C:\Documents and Settings\Mattr\My Documents\2010-11_PDF_FAFSA_English.pdf
[2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[8 C:\Documents and Settings\Mattr\*.tmp files -> C:\Documents and Settings\Mattr\*.tmp -> ]
[7 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[249 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 07:03:33 | 000,040,866 | ---- | C] () -- C:\WINDOWS\System32\api_hook_list.dat
[2010/10/26 07:32:19 | 001,736,192 | ---- | C] () -- C:\Documents and Settings\Mattr\My Documents\MATT1.backup_20101026_0732.epim
[2010/10/25 07:32:32 | 001,735,168 | ---- | C] () -- C:\Documents and Settings\Mattr\My Documents\MATT1.backup_20101025_0732.epim
[2010/10/20 19:02:48 | 000,023,456 | ---- | C] () -- C:\Tivo.192.168.1.3.0.xml
[2010/10/20 09:31:33 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\Mattr\Desktop\Shortcut to Magic.lnk
[2010/10/20 09:30:49 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\Mattr\Desktop\Shortcut to Oracle.lnk
[2010/10/18 10:16:24 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Mattr\Desktop\RKUnhookerLE.EXE
[2010/10/17 07:50:09 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mattr\Desktop\gmer.exe
[2010/10/17 07:49:36 | 000,285,230 | ---- | C] () -- C:\Documents and Settings\Mattr\Desktop\gmer.zip
[2010/10/17 07:45:14 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mattr\Desktop\dds.scr
[2010/10/17 07:43:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mattr\defogger_reenable
[2010/10/12 09:34:15 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 20:05:14 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/05 17:45:16 | 000,010,317 | ---- | C] () -- C:\Documents and Settings\Mattr\My Documents\Jessica.schools.ods
[2010/10/05 13:56:35 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Mattr\My Documents\profile.xls
[2010/10/05 09:04:03 | 000,879,243 | ---- | C] () -- C:\Documents and Settings\Mattr\My Documents\2010-11_PDF_FAFSA_English.pdf
[2010/10/04 10:40:45 | 000,014,401 | ---- | C] () -- C:\Documents and Settings\Mattr\My Documents\Finances.ods
[2010/06/23 08:10:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010/04/08 16:44:46 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/03/30 14:21:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mattr\Local Settings\Application Data\PUTTY.RND
[2010/01/28 15:19:19 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\pcouffin.log
[2010/01/28 15:19:17 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\inst.exe
[2010/01/28 15:19:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\pcouffin.cat
[2010/01/28 15:19:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\pcouffin.inf
[2009/11/16 17:59:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/11/16 17:59:18 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll
[2009/06/11 08:17:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2009/06/10 17:47:05 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\PFP120JPR.{PB
[2009/06/10 17:47:05 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\PFP120JCM.{PB
[2009/06/10 16:56:28 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/06/10 16:56:23 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/06/10 12:58:27 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/08 09:01:34 | 000,000,536 | ---- | C] () -- C:\WINDOWS\PDFWatermark.INI
[2008/05/09 13:26:19 | 000,000,309 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2008/02/26 17:02:34 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\CM.Ini
[2008/02/12 20:45:34 | 001,496,710 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Chinese-Intro-SHort.mp3
[2008/02/11 11:06:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/02/06 14:52:11 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sowdp88.dat
[2008/02/06 14:52:09 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\pdfutil.ini
[2008/02/06 14:52:07 | 002,169,344 | ---- | C] () -- C:\WINDOWS\System32\pdfutil.dll
[2007/12/28 11:25:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/10/19 15:21:21 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/08/30 15:35:50 | 000,000,227 | ---- | C] () -- C:\WINDOWS\BJLOG.INI
[2007/07/07 09:13:38 | 000,001,329 | ---- | C] () -- C:\WINDOWS\CITP_SearchHistory.INI
[2007/07/06 17:37:27 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2007/07/06 17:37:27 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2007/04/19 14:34:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/16 21:04:14 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2007/04/16 21:02:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Mattr\Local Settings\Application Data\fusioncache.dat
[2007/04/13 19:58:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2007/04/13 19:57:52 | 000,000,095 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/04/13 19:56:39 | 000,000,458 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/02/26 19:34:02 | 000,000,638 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2007/02/11 18:11:28 | 000,000,195 | ---- | C] () -- C:\WINDOWS\mailer.INI
[2007/02/11 18:10:44 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/02 18:05:19 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/08/10 13:25:36 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2006/07/23 08:28:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/30 14:36:12 | 000,000,036 | ---- | C] () -- C:\WINDOWS\hdd.ini
[2006/01/06 09:34:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/26 18:40:48 | 000,132,096 | ---- | C] () -- C:\WINDOWS\System32\RashIcon.dll
[2005/11/26 18:40:48 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\RashProp.dll
[2005/07/24 11:34:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/05/05 13:15:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2005/03/23 14:24:08 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Mattr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/07 11:08:22 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/02/23 11:45:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2005/02/23 11:30:27 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2005/02/23 11:30:27 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005/02/21 18:41:35 | 000,011,868 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/15 18:00:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/15 15:45:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mattr\Application Data\sversion.ini
[2005/02/07 21:27:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/07 21:18:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/07 20:46:52 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=B03D8579FA797B0706F4E8330D38DBBC -- C:\WINDOWS\explorer.exe

< MD5 for: HLP.DAT >
[2008/04/13 17:12:08 | 000,036,635 | ---- | M] () Unable to obtain MD5 -- C:\Documents and Settings\All Users\Documents\Server\hlp.dat

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\I386\WINLOGON.EXE
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CE44C2B971BF03F4FAAF315F67707DD6 -- C:\WINDOWS\SYSTEM32\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[249 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/14 16:44:53 | 000,524,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2009/08/13 22:46:22 | 000,524,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
[2009/08/14 16:44:53 | 029,097,984 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2009/08/14 16:44:53 | 005,767,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\RapportKELL.sys
[2010/08/26 06:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18DB21EC

< End of report >


Extras.txt

OTL Extras logfile created on: 10/27/2010 7:19:09 AM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Mattr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 430.98 Gb Total Space | 370.62 Gb Free Space | 85.99% Space Free | Partition Type: NTFS
Drive E: | 27.84 Gb Total Space | 21.18 Gb Free Space | 76.09% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 398.62 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive G: | 483.56 Mb Total Space | 465.61 Mb Free Space | 96.29% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: Mattr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port %d

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Reflection\Rx.exe" = C:\Program Files\Reflection\Rx.exe:*:Enabled:Reflection X -- (WRQ, Inc.)
"C:\Program Files\Auction Submit\AuctionSubmit3.exe" = C:\Program Files\Auction Submit\AuctionSubmit3.exe:*:Enabled:AuctionSubmit3 -- (EZ Time Software, LLC)
"C:\Program Files\NetMeeting\CONF.EXE" = C:\Program Files\NetMeeting\CONF.EXE:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\PatentWizard, LLC\PatentHunter3\PatentHunter.exe" = C:\Program Files\PatentWizard, LLC\PatentHunter3\PatentHunter.exe:*:Enabled:PatentHunter.exe -- (PatentWizard LLC)
"C:\Program Files\eBay\Turbo Lister2\Tl.exe" = C:\Program Files\eBay\Turbo Lister2\Tl.exe:*:Enabled:eBay Turbo Lister 2 -- (eBay Inc.)
"C:\Program Files\BitZip\bitzip.exe" = C:\Program Files\BitZip\bitzip.exe:*:Enabled:bitzip -- ()
"C:\Program Files\mozilla.org\Mozilla\mozilla.exe" = C:\Program Files\mozilla.org\Mozilla\mozilla.exe:*:Enabled:Mozilla -- (Mozilla, Netscape)
"C:\Program Files\TVHarmony\AutoPilot.exe" = C:\Program Files\TVHarmony\AutoPilot.exe:*:Enabled:TVHarmony AutoPilot -- (TVHarmony.com, Inc)
"C:\WINDOWS\SYSTEM32\java.exe" = C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Reflection\rftpc.exe" = C:\Program Files\Reflection\rftpc.exe:*:Enabled:Reflection FTP Client -- (WRQ, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\WINDOWS\SYSTEM32\SAiLicSvr.exe" = C:\WINDOWS\SYSTEM32\SAiLicSvr.exe:*:Enabled:SAi License Service -- (SA International)
"C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\app2.exe" = C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\app2.exe:*:Enabled:Production Manager 8.5v1 -- (SA International)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
"C:\Program Files\TiVo\Desktop\TiVoTransfer.exe" = C:\Program Files\TiVo\Desktop\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\curl.exe" = C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service -- ()
"C:\Program Files\TiVo\Desktop\TiVoBeacon.exe" = C:\Program Files\TiVo\Desktop\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service -- (TiVo Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Personal Edition for Win32 -- File not found
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Documents and Settings\Mattr\My Documents\Downloads\mudt.exe" = C:\Documents and Settings\Mattr\My Documents\Downloads\mudt.exe:*:Enabled:McAfee Universal Deployment Tool -- ()
"C:\WINDOWS\orclobi\MyDesktopHolding\unlicensed\global\odp\odp_1.7.0.0.exe" = C:\WINDOWS\orclobi\MyDesktopHolding\unlicensed\global\odp\odp_1.7.0.0.exe:*:Enabled:Oracle Data Protection 1.7.0.0 -- ()
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\PhonePower\PhonePower.exe" = C:\Program Files\PhonePower\PhonePower.exe:*:Enabled:PhonePower -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{00FC3F65-86EB-475E-881F-A5B1CF731320}" = McAfee SiteAdvisor Enterprise Plus
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D96709-4D40-424B-BA91-E2509BCEF711}" = Free CraigsList Reader Pro from CraigsPal 4.2.4
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v1.23.0.113
"{1CA8AE37-22B5-4A0B-1A9C-32E43B7BE67E}" = ShipRush for FedEx eBay
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33CBDD91-BBE3-4092-809C-222D7A03C468}" = FlexiSTARTER Seiki Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8ABF7C-0DBB-41D9-8456-9CFC16F9B4BA}" = Oracle Beehive Conferencing
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5FF4A578-4588-4ACF-8317-7191FC45F3E1}" = TaxCut California 2007
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7B6A6CEF-BF32-4773-9EF7-0272707AE4CC}" = WRQ Reflection Security Components 10.0.4
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{807B1E66-FF69-4170-A835-E4B2C8A1D389}" = WRQ Reflection Suite for X 10.0.3
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor MaxBlast
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8AC2A066-219C-41C1-A7F0-B4D81E8405BF}" = Oracle Open Office 3.2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A005B38F-D5AB-4E35-93DD-9886E449FAF1}" = Palm
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}" = RoadRunner
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BE5402D6-6B27-49C7-B6D8-E8D48C1A09FE}" = Microsoft Office Live Meeting 2005
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}" = Microsoft Office Live Meeting 2007
"{C403A5D4-212B-4E32-8AFF-CBF30EF681FF}" = WRQ Reflection Manuals 10.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Tools (FREE)
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4898C08-90A2-431C-BCE5-87866531D05B}" = H&R Block California 2009
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"1StepDVDCopy" = 1Step DVD Copy 1.4.6
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.57
"ActiveHome" = ActiveHome™
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Emailer_is1" = Advanced Emailer
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Any Video Converter_is1" = Any Video Converter 3.0.1
"Artisteer 2" = Artisteer 2
"Ask Toolbar_is1" = Ask Toolbar
"Atomic PDF Password Recovery_is1" = Atomic PDF Password Recovery 1.51
"BitZip" = BitZip (remove only)
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"Cakewalk Pyro 5" = Cakewalk Pyro 5
"Cisco VPN Client 5.0.04.0300" = Cisco VPN Client 5.0.04.0300
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CraigsPalFree_is1" = CraigsPalFree version 3.33
"Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Desktop Weather by The Weather Channel" = Desktop Weather by The Weather Channel
"Ditto_is1" = Ditto
"DVD Album Creator 3.1.1" = DVD Album Creator 3.1.1
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"EssentialPIM Pro" = EssentialPIM Pro
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"freeocr2_is1" = FreeOcr V1
"Glary Utilities_is1" = Glary Utilities 2.28.0.1011
"GSview 4.8" = GSview 4.8
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inkscape" = Inkscape 0.46
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"IrfanView" = IrfanView (remove only)
"Java Web Start" = Java Web Start
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.0
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"McAfee Security Scan" = McAfee Security Scan Plus
"Merlin AuctionMagic" = Merlin AuctionMagic
"Merlin AuctionMagic Trial" = Merlin AuctionMagic Trial
"Merlin AuctionMagic_is1" = Merlin AuctionMagic
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Live Meeting" = Microsoft Office Live Meeting
"Mozilla (1.4.1)" = Mozilla (1.4.1)
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oracle Data Protection 1.7.0.0" = Oracle Data Protection 1.7.0.0
"Oracle JInitiator 1.1.8.16" = Oracle JInitiator 1.1.8.16
"OracleRTCClient" = Oracle Web Conferencing Console
"PatentHunter3.5" = PatentHunter
"PDF Watermarks 1" = PDF Watermarks 1
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PhonePower" = PhonePower
"Pidgin" = Pidgin
"PROSet" = Intel® PRO Network Adapters and Drivers
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"RoadRash" = RoadRash
"SimpleOCR 3.1" = SimpleOCR 3.1
"ST6UNST #1" = Auction Submit 3.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever
"TaxCut 2004" = TaxCut 2004
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TaxCut Premium 2006" = TaxCut Premium 2006
"TVHarmony AutoPilot" = TVHarmony AutoPilot Beta 2, v38
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"vol_toolbar" = Verizon Broadband Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.3
"WinGTK-2_is1" = GTK+ 2.4.14 runtime environment
"WinRAR archiver" = WinRAR archiver
"Winstep Organizer_is1" = Winstep Start Menu Organizer 1.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-433944966-3052052324-1423479920-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"GoToMeeting" = GoToMeeting 4.5.0.457
"IM" = IM
"Move Media Player" = Move Media Player
"QUICKMEDIACONVERTER" = Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2010 12:41:52 PM | Computer Name = DELL | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x00de0004
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x00de0004 Thread = UpdateStats


Error - 10/17/2010 12:41:52 PM | Computer Name = DELL | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x00de0004
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x00de0004 Thread = UpdateStats


Error - 10/17/2010 12:41:58 PM | Computer Name = DELL | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x00de0004
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x00de0004 Thread = UpdateStats


Error - 10/17/2010 12:41:58 PM | Computer Name = DELL | Source = McLogEvent | ID = 5059
Description = Exception in ShStat.Exe Exception details follow : Crash address 0x00de0004
Code
0xc0000005 Flags 0x00000000 2 Parameters : 0x00000000 0x00de0004 Thread = UpdateStats


Error - 10/18/2010 2:11:03 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/20/2010 10:46:12 AM | Computer Name = DELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 6104 (0x17d8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.1.0.515
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Mattr\My
Documents\Downloads\garmin_rmu_cnnant2010_40.exe by C:\Program Files\Malwarebytes'
Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 10/20/2010 10:46:12 AM | Computer Name = DELL | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 10/22/2010 12:15:12 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.18.4.0, fault address 0x00040853.

Error - 10/22/2010 3:34:57 PM | Computer Name = DELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4412 (0x113c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.1.0.515
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Mattr\My
Documents\Downloads\garmin_rmu_cnnant2010_40.exe by C:\WINDOWS\Explorer.EXE 4(63)(0)

4(63)(0) 7200(63)(0) 7595(63)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/22/2010 3:34:58 PM | Computer Name = DELL | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

[ Cisco AnyConnect VPN Client Events ]
Error - 10/26/2010 11:24:39 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
253 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 10/26/2010 11:24:39 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1149 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 10/26/2010 11:24:48 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
815 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 10/26/2010 11:24:48 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
253 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 10/26/2010 11:24:48 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1149 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 10/26/2010 11:24:48 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
976 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 10/26/2010 11:24:48 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
812 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 10/26/2010 11:24:48 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
189 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 10/27/2010 10:03:13 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 10/27/2010 10:03:13 AM | Computer Name = DELL | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

[ System Events ]
Error - 10/20/2010 10:46:13 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/21/2010 10:28:37 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/22/2010 9:43:36 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/22/2010 3:34:58 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/23/2010 10:17:37 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/24/2010 9:28:36 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/25/2010 12:43:38 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/25/2010 10:41:37 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:02:37 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/27/2010 10:16:42 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 28 October 2010 - 07:38 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 28 October 2010 - 10:19 AM

Hi Myrti-

Here is the Combofix log as requested. Thanks again for your help.

ComboFix 10-10-26.02 - Mattr 10/28/2010 7:21.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1280 [GMT -7:00]
Running from: c:\documents and settings\Mattr\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mattr\Application Data\inst.exe
c:\documents and settings\Mattr\g2mdlhlpx.exe
c:\program files\cnsload_1268341598593.tmp
c:\program files\cnsload_1270652968203.tmp
c:\program files\cnsload_1273593827921.tmp
c:\program files\cnsload_1275408384953.tmp
c:\program files\cnsload_1276103007000.tmp
c:\program files\cnsload_1281383388687.tmp
c:\program files\cnsload_1282062073916.tmp
c:\program files\CustomXML\aimplay.dll
c:\program files\CustomXML\customxml.log
c:\program files\CustomXML\ProtectionDll.dll
c:\program files\CustomXML\rules.dat
c:\program files\CustomXML\settings.ini
c:\program files\CustomXML\TrafficDll.dll
F:\autorun.inf

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 13:55 . 2009-09-03 00:58 39816 ----a-w- c:\windows\system32\HIPIS0e011af.dll
2010-10-19 02:41 . 2010-10-19 02:41 -------- d-----w- c:\documents and settings\Mattr\Application Data\Trusteer
2010-10-19 02:41 . 2010-10-19 02:41 -------- d-----w- c:\program files\Trusteer
2010-10-19 02:39 . 2010-10-19 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-10-13 21:04 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 21:04 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 20:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 16:30 . 2010-10-12 16:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-04 06:43 . 2010-10-04 06:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 08:28 . 2010-05-20 23:20 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-09-18 19:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 10:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 10:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-08-23 19:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-08-23 19:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-08-23 19:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-06-10 16:23 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-08-23 19:51 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-25 16:00 . 2008-02-08 19:59 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-02-25 16:00 . 2008-02-08 19:59 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-02-25 16:01 . 2008-02-21 23:24 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-21 23:24 . 2008-02-21 23:24 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-10-23 03:07 . 2010-05-20 23:08 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-01-28 23:35 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-28 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-28 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM Pro"="c:\program files\EssentialPIM Pro\EssentialPIM.exe" [2008-08-13 3297280]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"tcpwindowsize.exe_executed"="c:\windows\orclobi\repDB_1.exe" [2004-02-02 147393]
"tcpwindowsize.exe_finished"="c:\windows\orclobi\repDB_2.exe" [2004-02-02 147393]
"TweakAutomaticUpdates"="c:\windows\OrclOBI\gdswsuspatch_soon.exe" [2005-12-22 126887]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-10-20 979104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2007-06-27 317440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-5-20 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"MaxBlastMonitor.exe"=c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"AcronisTimounterMonitor"=c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"AmazonGSDownloaderTray"=c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
"ODP"="c:\progra~1\odp\odp.exe"
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Reflection\\Rx.exe"=
"c:\\Program Files\\Auction Submit\\AuctionSubmit3.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\PatentWizard, LLC\\PatentHunter3\\PatentHunter.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=
"c:\\Program Files\\BitZip\\bitzip.exe"=
"c:\\Program Files\\mozilla.org\\Mozilla\\mozilla.exe"=
"c:\\Program Files\\TVHarmony\\AutoPilot.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Reflection\\rftpc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\WINDOWS\\SYSTEM32\\SAiLicSvr.exe"=
"c:\\Program Files\\Seiki\\FlexiSTARTER Seiki Edition\\Program\\app2.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Mattr\\My Documents\\Downloads\\mudt.exe"=
"c:\\WINDOWS\\orclobi\\MyDesktopHolding\\unlicensed\\global\\odp\\odp_1.7.0.0.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\PhonePower\\PhonePower.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [10/3/2010 11:43 PM 59240]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 11:54 PM 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 11:43 PM 169320]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [10/20/2009 1:25 PM 1489984]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [5/20/2010 4:17 PM 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 8:31 PM 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [10/22/2009 8:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [5/20/2010 4:08 PM 70728]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\MyDesktop\MyDesktopService.exe [8/24/2010 9:11 AM 1032704]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\MyDesktop\MyDesktopQOS.exe [10/13/2009 12:18 PM 470016]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 11:43 PM 767208]
R2 SAiDownloader;SAiDownloader;c:\windows\SYSTEM32\SAiDownloader.exe [7/28/2008 2:24 PM 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\SYSTEM32\SAiLicSvr.exe [7/28/2008 2:28 PM 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
R2 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [11/2/2009 2:17 PM 1098968]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/5/2010 6:59 PM 583360]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 dsdd;dsdd;c:\windows\SYSTEM32\DRIVERS\dsvideo.sys [8/19/2010 12:04 PM 2144]
R3 FirehkMP;FirehkMP;c:\windows\SYSTEM32\DRIVERS\firehk.sys [5/20/2010 4:16 PM 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\SYSTEM32\DRIVERS\HIPK.sys [5/20/2010 4:17 PM 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\SYSTEM32\DRIVERS\HIPPSK.sys [5/20/2010 4:17 PM 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\SYSTEM32\DRIVERS\HIPQK.sys [5/20/2010 4:17 PM 35584]
R3 owcmirrorV1;owcmirrorV1;c:\windows\SYSTEM32\DRIVERS\owcmirrorminiV1.sys [3/16/2010 9:29 AM 3712]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\SYSTEM32\DRIVERS\V0350Afx.sys [1/31/2008 5:34 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\SYSTEM32\DRIVERS\V0350Vfx.sys [1/31/2008 5:34 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\SYSTEM32\DRIVERS\V0350Vid.sys [1/31/2008 5:34 PM 170368]
S2 gupdate1caa45020ee47ca;Google Update Service (gupdate1caa45020ee47ca);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 2:38 PM 133104]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/10/2010 11:59 AM 401920]
S3 CDVDService;CDVDService;c:\program files\1Step DVD Copy\CDVDService.exe [9/10/2010 3:00 PM 348160]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\firehk.sys [5/20/2010 4:16 PM 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/20/2010 4:08 PM 65448]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 4:06 PM 11520]
UnknownUnknown dsload;dsload; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MFEBOPK01
*NewlyCreated* - MFEBOPK02
*Deregistered* - mfeapfk01
*Deregistered* - mfeapfk02
*Deregistered* - mfebopk01
*Deregistered* - mfebopk02
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-26 17:32]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:38]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = webcache.sfbay.sun.com:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &PHToolBand -
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{5CC5AADB-AD8E-433a-A5DE-46F33901281A} - c:\program files\PC TechZone\Merlin AuctionMagic\IE Toolbar\iebutton.htm
IE: {{5BB29DC6-4046-4aa1-B590-C29372456BA0} - {9A85FF39-28A4-4bf1-8290-DD075267FF35} - c:\windows\Downloaded Program Files\ClickMap.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: bandInstaller - hxxps://sitecatalyst.omniture.com/sc12/clickmap/ClickMapInstaller.CAB
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a1/5.1.8.511/lib/quicksilver.cab
FF - ProfilePath - c:\documents and settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Mattr\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Mattr\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 07:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'lsass.exe'(1436)
c:\windows\system32\relog_ap.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'explorer.exe'(6032)
c:\windows\system32\WININET.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
c:\program files\Ditto\focus.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(1356)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Seagate\SeagateManager\Sync\MaxSync.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\fxssvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
.
**************************************************************************
.
Completion time: 2010-10-28 08:05:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-28 15:04
ComboFix2.txt 2009-08-30 14:27
ComboFix3.txt 2009-06-10 22:37

Pre-Run: 400,152,002,560 bytes free
Post-Run: 401,276,125,184 bytes free

- - End Of File - - C546FA06E0DED168D5F8FA3314CD129C

#6 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 28 October 2010 - 03:38 PM

Later today when my McCafee VirusScan ran, it said that ComboFix.exe was detected as Artemis!0CAD20926EEA Trojan and was deleted

I had downloaded it from the 1st Link on the post which redirects to this site:

http://www.infospyware.net/antimalware/combofix/

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 01 November 2010 - 09:16 AM

Hi,

this is sadly a frequent issue, with all kind of anti virus programs. No matter how often you alert them to it, they always will get back to detecting the tools we use to clean malware as malware. This is the number one reason that we ask to disable your anti virus program while ComboFix is running.

The tool and the download both are perfectly fine, it is a false positive from McAfee.

how is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 01 November 2010 - 09:26 AM

Thanks. The websites are no longer being redirected. Is there anything else I need to do to complete the removal?

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 01 November 2010 - 09:48 AM

Hi,

yes I would like to make sure that there is nothing left.

First please run this script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
dsload


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Afterwards please run a scan with Kaspersky:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 15 November 2010 - 06:17 AM

Since it has gone stale, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 15 November 2010 - 09:45 AM

Hi,

topic reopened. Kaspersky is currently down, please use Eset instead:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 16 November 2010 - 09:35 AM

I performed the 2 scans and here are the results below:

ESET Scan Log:

C:\Documents and Settings\Mattr\Application Data\Sun\Java\Deployment\cache\6.0\50\40317872-6fc0dda3 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Documents and Settings\Mattr\My Documents\100+ Ebooks and Softwares\autores.zip probably a variant of Win32/PSW.LdPinch.NKFXPKC trojan deleted - quarantined
C:\Documents and Settings\Mattr\My Documents\100+ Ebooks and Softwares\building_your_automatic_money_machine.zip probably a variant of Win32/PSW.LdPinch.NKFXPKC trojan deleted - quarantined
C:\Documents and Settings\Mattr\My Documents\100+ Ebooks and Softwares\sell_using_the_web.zip probably a variant of Win32/PSW.LdPinch.NKFXPKC trojan deleted - quarantined
C:\Documents and Settings\Mattr\My Documents\Magic\magicgizmo\Backup\site-magicgizmo.com-100810-120025.zip PHP/Rst.R trojan deleted - quarantined
C:\Program Files\mozilla.org\Mozilla\plugins\WebEx\424\atpdmod.dll probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.EL trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.vir Win32/Bamital.EL trojan deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0004894.dll probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
F:\Seagate Backup\DELL\History\Level2\C\Documents and Settings\Mattr\My Documents\100+ Ebooks and Softwares\autores.zip probably a variant of Win32/PSW.LdPinch.NKFXPKC trojan deleted - quarantined
F:\Seagate Backup\DELL\History\Level2\C\Documents and Settings\Mattr\My Documents\100+ Ebooks and Softwares\building_your_automatic_money_machine.zip probably a variant of Win32/PSW.LdPinch.NKFXPKC trojan deleted - quarantined
F:\Seagate Backup\DELL\History\Level2\C\Documents and Settings\Mattr\My Documents\100+ Ebooks and Softwares\sell_using_the_web.zip probably a variant of Win32/PSW.LdPinch.NKFXPKC trojan deleted - quarantined
F:\Seagate Backup\DELL\History\Level2\C\Documents and Settings\Mattr\My Documents\Magic\magicgizmo\Backup\site-magicgizmo.com-100810-120025.zip PHP/Rst.R trojan deleted - quarantined


Combofix Log:

ComboFix 10-11-14.04 - Mattr 11/15/2010 7:50.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1420 [GMT -8:00]
Running from: c:\documents and settings\Mattr\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mattr\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dsload


((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 14:26 . 2009-09-03 00:58 39816 ----a-w- c:\windows\system32\HIPIS0e011af.dll
2010-11-12 13:28 . 2010-11-12 13:28 -------- d-----w- c:\documents and settings\Mattr\Application Data\Windows Search
2010-11-11 14:34 . 2010-11-11 14:34 -------- d-----w- c:\documents and settings\Mattr\Application Data\Windows Desktop Search
2010-11-10 18:29 . 2010-11-10 18:29 -------- d-----r- c:\documents and settings\Mattr\Application Data\Brother
2010-11-10 18:25 . 2010-11-10 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2010-11-10 18:24 . 2007-01-15 15:00 24223 ----a-w- c:\windows\system32\BRLM03A.DLL
2010-11-10 18:24 . 2000-07-24 09:01 19537 ------w- c:\windows\system32\drivers\BRPAR.SYS
2010-11-10 18:24 . 2010-11-10 18:24 -------- d-----w- c:\program files\Brownie
2010-11-10 18:24 . 2006-12-21 02:23 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
2010-11-10 18:24 . 2008-10-22 15:00 111928 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2010-11-10 18:24 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2010-11-10 18:24 . 2004-08-09 06:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2010-11-10 18:24 . 2010-11-10 18:24 -------- d-----w- c:\program files\Brother
2010-11-10 18:24 . 2009-05-26 03:14 196608 ------w- c:\windows\system32\Pdrvinst.dll
2010-11-10 18:23 . 2004-04-19 07:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-10 18:23 . 2004-04-19 07:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-10 18:23 . 2004-04-19 07:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-10 18:23 . 2004-04-19 07:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-10 18:23 . 2010-11-10 18:23 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-10 18:23 . 2004-04-19 07:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-10 18:23 . 2010-11-10 18:23 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-10 16:05 . 2010-11-10 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-10 15:21 . 2010-11-10 15:21 -------- d-----w- c:\program files\Microsoft.NET
2010-11-10 15:18 . 2010-11-10 15:18 -------- d-----w- c:\windows\system32\winrm
2010-11-10 15:18 . 2010-11-10 15:19 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-10 15:18 . 2010-11-10 15:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-11-10 15:17 . 2010-11-11 07:28 -------- d-----w- c:\program files\Windows Desktop Search
2010-11-10 15:17 . 2010-11-10 15:17 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-10 15:12 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-11-10 15:12 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-11-10 15:12 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-10-19 02:41 . 2010-10-19 02:41 -------- d-----w- c:\documents and settings\Mattr\Application Data\Trusteer
2010-10-19 02:41 . 2010-10-19 02:41 -------- d-----w- c:\program files\Trusteer
2010-10-19 02:39 . 2010-10-19 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-15 16:06 . 2010-11-15 16:06 636960 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-04 08:42 . 2010-05-20 23:20 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-10-04 06:43 . 2010-10-04 06:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 19:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 10:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 10:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-08-23 19:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-08-23 19:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-08-23 19:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-06-10 16:23 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-08-23 19:51 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-02-25 16:00 . 2008-02-08 19:59 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-02-25 16:00 . 2008-02-08 19:59 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-02-25 16:01 . 2008-02-21 23:24 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-21 23:24 . 2008-02-21 23:24 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-10-23 03:07 . 2010-05-20 23:08 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-01-28 23:35 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-28 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-28 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM Pro"="c:\program files\EssentialPIM Pro\EssentialPIM.exe" [2008-08-13 3297280]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"tcpwindowsize.exe_executed"="c:\windows\orclobi\repDB_1.exe" [2004-02-02 147393]
"tcpwindowsize.exe_finished"="c:\windows\orclobi\repDB_2.exe" [2004-02-02 147393]
"TweakAutomaticUpdates"="c:\windows\OrclOBI\gdswsuspatch_soon.exe" [2005-12-22 126887]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-10-20 979104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2007-06-27 317440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-5-20 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"MaxBlastMonitor.exe"=c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"AcronisTimounterMonitor"=c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"AmazonGSDownloaderTray"=c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
"ODP"="c:\progra~1\odp\odp.exe"
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Reflection\\Rx.exe"=
"c:\\Program Files\\Auction Submit\\AuctionSubmit3.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\PatentWizard, LLC\\PatentHunter3\\PatentHunter.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=
"c:\\Program Files\\BitZip\\bitzip.exe"=
"c:\\Program Files\\mozilla.org\\Mozilla\\mozilla.exe"=
"c:\\Program Files\\TVHarmony\\AutoPilot.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Reflection\\rftpc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\WINDOWS\\SYSTEM32\\SAiLicSvr.exe"=
"c:\\Program Files\\Seiki\\FlexiSTARTER Seiki Edition\\Program\\app2.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Mattr\\My Documents\\Downloads\\mudt.exe"=
"c:\\WINDOWS\\orclobi\\MyDesktopHolding\\unlicensed\\global\\odp\\odp_1.7.0.0.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\PhonePower\\PhonePower.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [10/3/2010 10:43 PM 59240]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 10:54 PM 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 10:43 PM 169320]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [10/20/2009 12:25 PM 1489984]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 10:32 PM 189736]
R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [5/20/2010 3:17 PM 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 7:31 PM 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [10/22/2009 7:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [5/20/2010 3:08 PM 70728]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\MyDesktop\MyDesktopService.exe [8/24/2010 8:11 AM 1032704]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\MyDesktop\MyDesktopQOS.exe [10/13/2009 11:18 AM 470016]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 10:43 PM 767208]
R2 SAiDownloader;SAiDownloader;c:\windows\SYSTEM32\SAiDownloader.exe [7/28/2008 1:24 PM 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\SYSTEM32\SAiLicSvr.exe [7/28/2008 1:28 PM 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 12:00 AM 316992]
R2 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [11/2/2009 1:17 PM 1098968]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [5/5/2010 5:59 PM 583360]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 10:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
R3 dsdd;dsdd;c:\windows\SYSTEM32\DRIVERS\dsvideo.sys [8/19/2010 11:04 AM 2144]
R3 FirehkMP;FirehkMP;c:\windows\SYSTEM32\DRIVERS\firehk.sys [5/20/2010 3:16 PM 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\SYSTEM32\DRIVERS\HIPK.sys [5/20/2010 3:17 PM 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\SYSTEM32\DRIVERS\HIPPSK.sys [5/20/2010 3:17 PM 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\SYSTEM32\DRIVERS\HIPQK.sys [5/20/2010 3:17 PM 35584]
R3 owcmirrorV1;owcmirrorV1;c:\windows\SYSTEM32\DRIVERS\owcmirrorminiV1.sys [3/16/2010 8:29 AM 3712]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\SYSTEM32\DRIVERS\V0350Afx.sys [1/31/2008 4:34 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\SYSTEM32\DRIVERS\V0350Vfx.sys [1/31/2008 4:34 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\SYSTEM32\DRIVERS\V0350Vid.sys [1/31/2008 4:34 PM 170368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1caa45020ee47ca;Google Update Service (gupdate1caa45020ee47ca);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:38 PM 133104]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/10/2010 10:59 AM 401920]
S3 CDVDService;CDVDService;c:\program files\1Step DVD Copy\CDVDService.exe [9/10/2010 2:00 PM 348160]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\firehk.sys [5/20/2010 3:16 PM 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/20/2010 3:08 PM 65448]
S3 Normandy;Normandy SR2; [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 3:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 2:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfebopk01
*Deregistered* - mfebopk02

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-11-15 c:\windows\Tasks\At1.job
- c:\windows\orclobi\gdswsuspatch.exe [2010-05-20 16:00]

2010-11-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-26 17:32]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:38]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = webcache.sfbay.sun.com:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &PHToolBand -
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{5CC5AADB-AD8E-433a-A5DE-46F33901281A} - c:\program files\PC TechZone\Merlin AuctionMagic\IE Toolbar\iebutton.htm
IE: {{5BB29DC6-4046-4aa1-B590-C29372456BA0} - {9A85FF39-28A4-4bf1-8290-DD075267FF35} - c:\windows\Downloaded Program Files\ClickMap.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: bandInstaller - hxxps://sitecatalyst.omniture.com/sc12/clickmap/ClickMapInstaller.CAB
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://vapwfa.ops.placeware.com/etc/place/FOLDER/VAFpws-a1/5.1.8.511/lib/quicksilver.cab
FF - ProfilePath - c:\documents and settings\Mattr\Application Data\Mozilla\Firefox\Profiles\xv6uyd8o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Mattr\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Mattr\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 08:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'lsass.exe'(1464)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'explorer.exe'(1036)
c:\windows\system32\WININET.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
c:\program files\Ditto\focus.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(1384)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Seagate\SeagateManager\Sync\MaxSync.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2010-11-15 08:15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-15 16:14
ComboFix2.txt 2010-10-28 15:05
ComboFix3.txt 2009-08-30 14:27
ComboFix4.txt 2009-06-10 22:37

Pre-Run: 396,844,601,344 bytes free
Post-Run: 396,913,471,488 bytes free

- - End Of File - - EF0438AEE1E62F63C075976793EA1F34

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 16 November 2010 - 10:12 AM

How is the PC doing?

regrads myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Magic Dude

Magic Dude
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 17 November 2010 - 10:26 AM

The PC is doing great, no problems experienced.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:43 AM

Posted 20 November 2010 - 09:32 AM

Great, please run an online scan to check for possible leftovers:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users