Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System freeze/Slow usage


  • This topic is locked This topic is locked
55 replies to this topic

#1 velidar

velidar

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 20 December 2010 - 11:09 AM

Hello all and thank you for your consideration in this matter.
The OS is Windows XP Home edition.
Upon start up the system freezes frequently forcing a hard restart.
When I attempt to search for Microsoft updates using google->microsoft updates I get a page stating that I need to enable automatic updates, which are and always have been enabled, when in the past it would take me to a screen that would check for any updates I needed.
I did a google search with this problem and read that others were having "hijack" issues, which I believe the two may be related, and I decided to download Hijackthis which I have used in the past and it worked on another computer. Running the scan it gave me a list much more extensive than I am capable of understanding what to remove and/or leave alone so I wanted to post the list to you all here in hopes that this might be a good start in recovering some normal functions on this computer.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:35:35 AM, on 12/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
c:\program files\common files\aol\1100995443\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100995443\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238569743578
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3209.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3209.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14989 bytes


I apologize for the lengthy list and I am familiar with most items in the list such as McAfee and such but I know too that problems can attach themselves just about anywhere and did not want to start deleting items without being sure.
Any help and/or additional inquiries or options are appreciated!

Thank you,
Jeromey

BC AdBot (Login to Remove)

 


#2 velidar

velidar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 20 December 2010 - 11:53 PM

bump

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:08 PM

Posted 30 December 2010 - 06:20 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:08 PM

Posted 08 January 2011 - 06:25 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:08 PM

Posted 22 March 2011 - 03:42 PM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 velidar

velidar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 22 March 2011 - 08:27 PM

The computer doesn't take as long as it did to boot but it still seems to suffer from sluggishness and it gets several sequential windows download popups that seem to be for one of the photo editors on this machine while a few clicks on the windows task manager puts an end to them coming up. Other than that nothing more comes to mind at the moment. Thank you so very much for your time! If you have any other questions or inquiries please don't hesitate to ask.

Jeromey



OTL logfile created on: 3/22/2011 4:37:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Cindy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 15.84 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive E: | 681.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CINDY | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 16:20:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cindy\My Documents\Downloads\OTL.exe
PRC - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/01/17 16:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/12/20 14:44:18 | 001,462,544 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/07/20 11:52:23 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1100995443\EE\aolsoftware.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\ACS\AOLacsd.exe
PRC - [2006/05/17 14:07:56 | 000,001,536 | ---- | M] () -- c:\Program Files\Common Files\aol\1100995443\EE\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2005/08/30 22:01:38 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 12:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltpspd.exe
PRC - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/04/29 23:00:00 | 000,167,424 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [2001/12/25 23:00:00 | 000,191,488 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/03/22 16:20:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cindy\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/03/17 18:36:05 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai)
SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/12/20 14:44:18 | 001,462,544 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/03/03 10:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 14:43:48 | 000,080,272 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bckd.sys -- (bckd)
DRV - [2010/11/04 00:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\HtsysmNT.sys -- (Htsysm)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/08/30 22:16:49 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/08/19 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/08/19 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/09/29 12:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2004/08/03 21:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/09/26 00:41:57 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/09/26 00:41:57 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/09/26 00:41:57 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/09/26 00:41:57 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/17 09:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/11/08 10:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/23 11:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 09:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/02/28 07:42:44 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)
DRV - [1999/12/16 22:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=logo
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 22:13:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/07 22:13:27 | 000,000,000 | ---D | M]

[2010/12/09 11:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Extensions
[2011/03/21 21:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\ud6kp8cu.default\extensions
[2010/12/20 21:03:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\ud6kp8cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/20 18:16:37 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\ud6kp8cu.default\searchplugins\askcom.xml
[2010/12/09 11:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/09 18:41:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/03/20 18:17:42 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/01/20 23:02:55 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110220223521.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1100995443\EE\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007..\Run: [UpdateMyDrivers] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-18526110-1008931058-1146325011-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab (AOL Pictures Uploader Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Reg Error: Key error.)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238569743578 (MUWebControl Class)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Reg Error: Key error.)
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} http://entimg.msn.com/client/msnediag3209.cab (MsneDiag Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} http://www.callwave.com/include/cab/CWDL_DownLoad.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB (Reg Error: Key error.)
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (Reg Error: Key error.)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} https://music.msn.com/client/msnmusax3209.cab (MsnMusicAx Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cindy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cindy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 05:59:58 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/21 17:37:00 | 000,364,544 | R--- | M] () - E:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2006/08/10 14:36:20 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d8cb4cc8-dfc6-11df-9e89-00038a000015}\Shell\AutoRun\command - "" = G:\urDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/22 16:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/03/20 19:16:40 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/03/20 19:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Application Data\Leadertech
[2011/03/20 19:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Buena Vista Games
[2011/03/20 19:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Application Data\Desperate Housewives
[2011/03/20 19:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Buena Vista Games
[2011/03/20 19:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Application Data\InstallShield
[2011/03/20 18:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Local Settings\Application Data\AskToolbar
[2011/03/20 17:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/03/20 17:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTweak Software
[2011/03/20 17:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Local Settings\Application Data\PackageAware
[2011/03/11 21:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Metin2
[2011/03/11 18:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Blue Coat K9 Web Protection
[2011/03/11 18:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2011/02/20 22:35:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/02/20 22:34:55 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/02/20 22:34:55 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/02/20 22:34:55 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/02/20 22:34:54 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/02/20 22:34:54 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/02/20 22:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/02/20 22:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/02/20 22:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/02/20 22:04:47 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/12/26 12:38:27 | 000,462,976 | ---- | C] (Perfect World Entertainment) -- C:\Program Files\PWIRisingTide402.exe
[2010/08/19 20:07:27 | 321,320,604 | ---- | C] (Miracle Castle ) -- C:\Program Files\TalismanOnline_1652_Setup.exe
[2010/07/02 18:30:12 | 089,420,387 | ---- | C] (Macrovision Corporation) -- C:\Program Files\setup.exe
[2010/02/27 23:47:53 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2010/01/30 12:56:06 | 009,732,720 | ---- | C] (PC Tools ) -- C:\Program Files\rminstall.exe
[2005/08/30 17:25:05 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/01/08 18:33:04 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2003/09/26 00:37:27 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/03/22 16:42:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/22 16:36:14 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Shortcut to OTL.exe.lnk
[2011/03/22 16:32:26 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/22 16:31:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/03/22 16:31:07 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/03/22 16:30:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/22 16:30:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/03/22 16:30:24 | 2683,359,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/21 21:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/20 19:18:10 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Desperate Housewives.lnk
[2011/03/20 19:16:40 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/03/20 19:16:15 | 000,001,175 | ---- | M] () -- C:\WINDOWS\disney.ini
[2011/03/20 19:16:06 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Unlocked Coupons.lnk
[2011/03/20 19:08:10 | 000,000,185 | ---- | M] () -- C:\WINDOWS\disneysy.ini
[2011/03/20 18:20:40 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Shortcut to sfdnwin.lnk
[2011/03/17 21:38:58 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\System Mechanic Professional.lnk
[2011/03/17 21:18:54 | 000,092,082 | ---- | M] () -- C:\Documents and Settings\Cindy\My Documents\Gloria 2010 tax.pdf
[2011/03/15 15:24:20 | 000,087,688 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2011/03/15 15:23:32 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2011/03/15 15:23:26 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2011/03/15 15:21:16 | 002,234,552 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[2011/03/09 21:51:16 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/06 13:33:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2011/03/22 16:36:14 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Shortcut to OTL.exe.lnk
[2011/03/20 19:18:10 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Desperate Housewives.lnk
[2011/03/20 19:16:06 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Unlocked Coupons.lnk
[2011/03/20 19:08:24 | 000,001,175 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011/03/20 19:08:10 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011/03/20 18:20:39 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Shortcut to sfdnwin.lnk
[2011/03/20 17:51:38 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/17 21:14:13 | 000,092,082 | ---- | C] () -- C:\Documents and Settings\Cindy\My Documents\Gloria 2010 tax.pdf
[2011/03/13 09:39:48 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/02/20 12:32:12 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2010/12/30 14:39:33 | 000,103,511 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/12/30 14:39:33 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/12/19 14:26:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/09/19 14:46:15 | 000,103,519 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/09/19 14:46:15 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/08/12 21:10:58 | 001,967,440 | ---- | C] () -- C:\Program Files\zynga_toolbar.exe
[2010/07/02 19:50:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OZ.dat
[2010/05/26 23:12:13 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/04/24 19:19:00 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/02/01 17:18:20 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/09/28 18:32:52 | 000,078,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/26 09:40:02 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/09/22 23:08:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/02 19:47:29 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/02/02 20:51:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/02/02 20:45:00 | 000,124,401 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2008/02/02 20:45:00 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2007/03/26 11:54:16 | 000,000,279 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/04/09 11:51:42 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Cindy\Application Data\sdi.db
[2005/10/20 13:50:28 | 003,834,922 | ---- | C] () -- C:\Program Files\CM_EN.zip
[2005/08/17 18:43:48 | 000,046,793 | ---- | C] () -- C:\Program Files\Disney Princess.Sims2Pack
[2005/08/01 16:47:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/06/11 22:35:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI
[2005/06/02 17:32:56 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/05/07 14:42:11 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/03 17:07:37 | 000,007,680 | ---- | C] () -- C:\Program Files\Mee.mswmm
[2005/03/17 14:57:40 | 001,130,798 | ---- | C] () -- C:\Program Files\constantine_setup.exe
[2004/12/03 23:21:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\fusioncache.dat
[2004/11/19 06:57:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/10/31 10:18:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MusicNetUninst.exe
[2004/10/02 16:50:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/10/02 16:48:29 | 001,633,502 | ---- | C] () -- C:\Program Files\ATWT_screensaver.zip
[2004/09/05 14:33:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 13:31:14 | 001,739,715 | ---- | C] () -- C:\Program Files\atwt_screensaver.exe
[2004/07/14 22:41:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingo2x.INI
[2004/06/19 12:32:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2004/06/19 12:23:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/06/19 12:22:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/06/19 12:22:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/06/18 05:56:40 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/06/18 05:56:39 | 000,000,048 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/01/24 09:02:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingo5c.INI
[2004/01/24 07:35:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2004/01/08 18:33:04 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2004/01/01 11:37:35 | 000,018,371 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/12/20 15:09:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2003/12/19 19:53:53 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2003/12/05 18:26:27 | 000,000,788 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2003/11/29 12:41:39 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/11/29 12:41:33 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2003/11/29 12:41:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2003/11/29 12:41:33 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2003/11/29 12:41:20 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2003/11/04 18:12:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Cindy\Application Data\PFP110JPR.{PB
[2003/11/04 18:12:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Cindy\Application Data\PFP110JCM.{PB
[2003/11/03 19:09:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/09/26 00:43:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/26 00:40:29 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/26 00:38:50 | 000,001,117 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/09/26 00:38:49 | 000,000,922 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/09/26 00:38:48 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/09/26 00:37:41 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/09/26 00:37:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/09/26 00:37:27 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/09/26 00:37:27 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/09/26 00:37:27 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/09/26 00:37:27 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/09/26 00:37:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/09/26 00:37:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/09/26 00:37:00 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/09/26 00:24:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/09/26 00:22:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/26 00:22:52 | 000,469,098 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/09/26 00:22:52 | 000,080,374 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/09/26 00:22:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/26 00:08:54 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/07/28 15:19:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2003/07/28 15:19:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 15:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/07/28 15:19:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2003/07/11 07:00:28 | 000,335,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/11 06:59:46 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/11 06:57:52 | 000,000,898 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2002/09/03 05:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 05:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 05:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 05:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/23 11:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1979/12/31 21:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2007/07/05 21:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/01/29 16:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2011/03/17 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/01/29 16:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/02/20 11:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/09/26 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/02/03 22:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/12/19 19:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/29 16:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/24 17:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/23 09:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/02 09:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Amazon
[2011/03/20 21:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Desperate Housewives
[2011/03/15 20:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\GetRightToGo
[2011/01/16 21:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Image Zone Express
[2010/05/26 23:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\iolo
[2011/03/20 19:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Leadertech
[2003/12/19 19:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Learn2.com
[2005/06/02 17:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Musicmatch
[2010/02/01 17:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Skinux
[2008/11/14 23:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Snapfish
[2008/11/04 20:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Viewpoint
[2011/03/20 19:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Desperate Housewives
[2010/04/24 19:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2008/01/27 15:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2011/03/21 21:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 3/22/2011 4:37:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Cindy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 15.84 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive E: | 681.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CINDY | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-18526110-1008931058-1146325011-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58800:TCP" = 58800:TCP:*:Enabled:Pando Media Booster
"58800:UDP" = 58800:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58800:TCP" = 58800:TCP:*:Enabled:Pando Media Booster
"58800:UDP" = 58800:UDP:*:Enabled:Pando Media Booster
"1050:TCP" = 1050:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- (America Online, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- (America Online, Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe" = C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL -- (AOL, Inc.)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\ACS\AOLDial.exe" = C:\Program Files\Common Files\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\aol\ACS\AOLacsd.exe" = C:\Program Files\Common Files\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\aol\1100995443\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\aol\1100995443\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\aol\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\aol\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\aol\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" = C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe:*:Enabled:Burn CD & DVDs with Roxio -- (Roxio)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" = C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\aol\1100995443\EE\aolsoftware.exe" = C:\Program Files\Common Files\aol\1100995443\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave -- (CallWave, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BD4A941-1E31-4E1E-9FC2-114889FC4B95}_is1" = PandoraSaga version 1.0
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{256AEBD0-41C6-471E-92B4-B256F5176A72}" = D7100
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3004FB81-7B9E-4808-BD13-BC5A530BA60B}" = cp_PrintOnCDConfig
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.874
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D41922D2-8272-48EE-B863-BE7EFF34A362}" = Desperate Housewives
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AOL Pictures" = AOL Pictures Tools (version 10.1.0.0)
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection 4.2.48
"CallWave" = CallWave
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Entertainment Download Troubleshooter" = MSN Entertainment Download Troubleshooter
"MSN Music Assistant" = MSN Music Assistant
"MusicNet on AOL" = MusicNet@AOL
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Port Magic" = Pure Networks Port Magic
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Talisman Online_is1" = Talisman Online Ver.1652
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-18526110-1008931058-1146325011-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2011 8:34:51 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 10005
Description = Product: PhotoGallery -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2908. The arguments are: {638FC9CD-01D2-4886-8960-53087333622D},
,

Error - 3/22/2011 8:34:51 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 10005
Description = Product: PhotoGallery -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2908. The arguments are: {72ED81B3-3FDE-4B47-A1D5-BE20EF75C540},
,

Error - 3/22/2011 8:34:51 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 10005
Description = Product: PhotoGallery -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2908. The arguments are: {D236277E-0D7B-44E6-8A78-99C3458F765A},
,

Error - 3/22/2011 8:34:52 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 10005
Description = Product: PhotoGallery -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2908. The arguments are: {967C8488-2793-492F-9706-262E0AC957E0},
,

Error - 3/22/2011 8:34:52 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 10005
Description = Product: PhotoGallery -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2908. The arguments are: {0DA93378-90A1-4428-934A-E53FE7FB9A54},
,

Error - 3/22/2011 8:34:52 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 10005
Description = Product: PhotoGallery -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2908. The arguments are: {79DEC1BD-2E76-4D04-8D46-35B6FB75F375},
,

Error - 3/22/2011 8:34:52 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 10005
Description = Product: PhotoGallery -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2908. The arguments are: {CE375866-7683-4507-AD81-C943FAFCA6B4},
,

Error - 3/22/2011 8:34:57 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706. An installation package for the
product PhotoGallery cannot be found. Try the installation again using a valid
copy of the installation package 'PhotoGallery.msi'.

Error - 3/22/2011 8:39:42 PM | Computer Name = CINDY | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 3/22/2011 8:39:42 PM | Computer Name = CINDY | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ OSession Events ]
Error - 3/14/2009 1:37:34 AM | Computer Name = CINDY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 68 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/21/2011 8:23:57 PM | Computer Name = CINDY | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 3/21/2011 8:27:27 PM | Computer Name = CINDY | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 3/22/2011 8:01:55 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Kodak AiO Device Service
service to connect.

Error - 3/22/2011 8:01:55 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7000
Description = The Kodak AiO Device Service service failed to start due to the following
error: %%1053

Error - 3/22/2011 8:11:01 PM | Computer Name = CINDY | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 3/22/2011 8:30:48 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Kodak AiO Device Service
service to connect.

Error - 3/22/2011 8:30:48 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7000
Description = The Kodak AiO Device Service service failed to start due to the following
error: %%1053

Error - 3/22/2011 8:33:40 PM | Computer Name = CINDY | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 3/22/2011 8:33:45 PM | Computer Name = CINDY | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 3/22/2011 8:34:29 PM | Computer Name = CINDY | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >

---------------------------------------------------------------------------------------------------------------

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.505
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Drivers
Driver: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Address: 0xB9707000
Size: 6557696 bytes

Driver: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000
Size: 6111232 bytes

Driver: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000
Size: 2265088 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2265088 bytes

Driver: RAW
Address: 0x804D7000
Size: 2265088 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2265088 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\system32\drivers\P16X.sys
Address: 0xB945A000
Size: 1331200 bytes

Driver: C:\WINDOWS\System32\DRIVERS\BCMSM.sys
Address: 0xB95C2000
Size: 1101824 bytes

Driver: Ntfs.sys
Address: 0xF7B52000
Size: 577536 bytes

Driver: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xB9295000
Size: 548864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xB7D9B000
Size: 458752 bytes

Driver: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xB91FB000
Size: 385024 bytes

Driver: mfehidk.sys
Address: 0xF7431000
Size: 380928 bytes

Driver: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xB7EF3000
Size: 364544 bytes

Driver: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xB6EDD000
Size: 360448 bytes

Driver: C:\WINDOWS\system32\drivers\mfefirek.sys
Address: 0xB939B000
Size: 307200 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB6521000
Size: 266240 bytes

Driver: C:\WINDOWS\System32\Drivers\cdudf_xp.SYS
Address: 0xB7FDE000
Size: 241664 bytes

Driver: C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS
Address: 0xB7F71000
Size: 208896 bytes

Driver: ACPI.sys
Address: 0xF75A8000
Size: 188416 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xB7115000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF786A000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Address: 0xB940A000
Size: 180224 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB5391000
Size: 176128 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xB7E0B000
Size: 176128 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xB7E58000
Size: 163840 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xB7EBA000
Size: 155648 bytes

Driver: C:\WINDOWS\System32\DRIVERS\e100b325.sys
Address: 0xB932F000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xB93E6000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB9436000
Size: 147456 bytes

Driver: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xB96CF000
Size: 147456 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xB959F000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB7E36000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x80700000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x80700000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Address: 0xB937B000
Size: 131072 bytes

Driver: fltmgr.sys
Address: 0xF74A0000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xF74D8000
Size: 126976 bytes

Driver: C:\WINDOWS\System32\Drivers\pwd_2k.SYS
Address: 0xB8039000
Size: 126976 bytes

Driver: Mup.sys
Address: 0xF7850000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xF74C0000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7781000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF741A000
Size: 94208 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xB926A000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\mfeapfk.sys
Address: 0xB641B000
Size: 90112 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB6D88000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mfendisk.sys
Address: 0xB9281000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xB931B000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xB96F3000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xB7F4C000
Size: 77824 bytes

Driver: C:\WINDOWS\system32\drivers\mfetdi2k.sys
Address: 0xB7EE0000
Size: 77824 bytes

Driver: WudfPf.sys
Address: 0xF7407000
Size: 77824 bytes

Driver: C:\WINDOWS\system32\drivers\bckd.sys
Address: 0xB7EA8000
Size: 73728 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF748E000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF7597000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xB9259000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB741A000
Size: 65536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xBA03E000
Size: 65536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xBA04E000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA06E000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xBA02E000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB6FBD000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF76E7000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7637000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xF7537000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xBA05E000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xBA00E000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF7617000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\drivers\cfwids.sys
Address: 0xB658A000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF7697000
Size: 49152 bytes

Driver: agp440.sys
Address: 0xF7657000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7557000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xBA01E000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xB677A000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF7607000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF7687000
Size: 45056 bytes

Driver: isapnp.sys
Address: 0xF75F7000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76C7000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\DRIVERS\secdrv.sys
Address: 0xB6DED000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF76B7000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF7627000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Address: 0xBA7B8000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xBA07E000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF76A7000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF7587000
Size: 36864 bytes

Driver: PxHelp20.sys
Address: 0xF7647000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF7547000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\drivers\Afc.sys
Address: 0xF77C7000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF77AF000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7727000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF775F000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF77A7000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF77B7000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
Address: 0xF7737000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF7747000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF7757000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF77CF000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xF774F000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF77BF000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF77F7000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xB77C9000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\SbcpHid.sys
Address: 0xF772F000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF779F000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7817000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\wanatw4.sys
Address: 0xF77EF000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF7807000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF781F000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\omci.sys
Address: 0xF77FF000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF770F000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF77DF000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF77E7000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF77D7000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF776F000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xBA37C000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\Drivers\mrtRate.SYS
Address: 0xB6ECD000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xBA390000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xB7396000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xBA6FF000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB7EA4000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\FileDisk.SYS
Address: 0xB8074000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\gameenum.sys
Address: 0xBA703000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Address: 0xB805C000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF793F000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xB8058000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xBA398000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xBA7F0000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF79B5000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79C5000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79E7000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79C3000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\MCSTRM.SYS
Address: 0xF79E1000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79C7000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7991000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\PfModNT.sys
Address: 0xF79B1000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79C9000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF79B7000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF79BF000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7989000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7A73000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB9D50000
Size: 4096 bytes

Driver: C:\WINDOWS\system32\HtsysmNT.sys
Address: 0xBA53A000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7A64000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xF7A4F000
Size: 4096 bytes

==============================================
>Stealth

#7 velidar

velidar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 22 March 2011 - 08:28 PM

The DVD and CD/RW have a hard time reading some store bought program discs but we recently found "Disc Detector" on the computer and in using that the disc drives seem to be ok for now.

Edited by velidar, 22 March 2011 - 08:50 PM.


#8 velidar

velidar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 22 March 2011 - 08:29 PM

Btw, the link to Rootkit Unhooker didn't work as it would take me to the "initializing" window then freeze the computer. I tried it several more times to no avail so I had to find another avenue to install it, just a heads up :).

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:08 PM

Posted 23 March 2011 - 04:28 AM

Hello again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 velidar

velidar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 23 March 2011 - 01:00 PM

I will do the next process tonight. I forgot to mention that when I try to go to windowsupdate.microsoft.com it takes me to a window describing how to turn on Auto update but never goes to the windows update page which I have tried to do numerous times in an attempt to update .NET Framework which seems to be a major problem in trying to remove/install/reinstall any versions which I believe to be the main cause of much of the errors the computer receives.

Edited by velidar, 23 March 2011 - 01:23 PM.


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:08 PM

Posted 23 March 2011 - 01:28 PM

Thank you for the extra information. Please post when ready. :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 velidar

velidar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 24 March 2011 - 08:42 AM

The TDSSKiller.exe found nothing so I ran MBAM...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6146

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/24/2011 6:40:06 AM
mbam-log-2011-03-24 (06-40-06).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 301303
Time elapsed: 8 hour(s), 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


------------------------------------------------------------------------------


Infected have been removed.

Edited by velidar, 24 March 2011 - 08:43 AM.


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:08 PM

Posted 24 March 2011 - 10:19 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 velidar

velidar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 25 March 2011 - 12:15 AM

Greetings, here is the new info!



ComboFix 11-03-24.01 - Cindy 03/24/2011 16:59:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1905 [GMT -8:00]
Running from: c:\documents and settings\Cindy\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Setup.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Data
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_$SYS$ARIES
-------\Legacy_$SYS$DRMSERVER
-------\Legacy_CD_PROXY
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-24 00:31 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 00:31 . 2011-03-24 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-24 00:31 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 04:56 . 2011-03-23 04:56 -------- d-----w- c:\program files\ACW
2011-03-23 02:17 . 2011-03-23 02:18 -------- d-----w- C:\RkUnhooker
2011-03-23 00:50 . 2011-03-23 01:59 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-03-21 03:16 . 2011-03-21 03:16 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-21 03:16 . 2011-03-21 03:16 -------- d-----w- c:\documents and settings\Cindy\Application Data\Leadertech
2011-03-21 03:16 . 2011-03-21 05:21 -------- d-----w- c:\documents and settings\Cindy\Application Data\Desperate Housewives
2011-03-21 03:08 . 2011-03-21 03:08 -------- d-----w- c:\program files\Buena Vista Games
2011-03-21 03:08 . 2011-03-21 03:08 -------- d-----w- c:\documents and settings\Cindy\Application Data\InstallShield
2011-03-21 02:36 . 2011-03-21 03:08 -------- d-----w- c:\documents and settings\Cindy\Local Settings\Application Data\AskToolbar
2011-03-21 01:51 . 2011-03-21 01:51 -------- d-----w- c:\program files\Ask.com
2011-03-21 01:50 . 2011-03-21 01:50 -------- d-----w- c:\program files\SmartTweak Software
2011-03-21 01:50 . 2011-03-21 01:50 -------- d-----w- c:\documents and settings\Cindy\Local Settings\Application Data\PackageAware
2011-03-18 05:38 . 2010-02-09 06:59 56200 ----a-w- c:\windows\system32\offreg.dll
2011-03-12 02:53 . 2011-03-25 00:55 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 23:24 . 2010-04-25 03:26 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-03-15 23:23 . 2010-04-25 03:26 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-03-15 23:23 . 2010-04-25 03:26 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-03-15 23:21 . 2010-04-25 03:26 2234552 ----a-w- c:\windows\system32\Incinerator.dll
2011-02-09 13:53 . 2002-08-29 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2002-08-29 10:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2002-08-29 10:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-08-29 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-08-29 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2002-08-29 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-08-20 04:10 . 2010-08-20 04:07 321320604 ----a-w- c:\program files\TalismanOnline_1652_Setup.exe
2010-08-13 05:11 . 2010-08-13 05:10 1967440 ----a-w- c:\program files\zynga_toolbar.exe
2010-02-28 07:47 . 2010-02-28 07:47 5115824 ----a-w- c:\program files\mbam-setup.exe
2010-01-30 20:56 . 2010-01-30 20:56 9732720 ----a-w- c:\program files\rminstall.exe
2005-08-31 01:24 . 2005-08-31 01:25 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-03-17 22:57 . 2005-03-17 22:57 1130798 -c--a-w- c:\program files\constantine_setup.exe
2004-08-20 21:31 . 2004-08-20 21:31 1739715 -c--a-w- c:\program files\atwt_screensaver.exe
2010-10-14 06:28 . 2011-02-21 06:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-02 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-31 180269]
"HostManager"="c:\program files\Common Files\AOL\1100995443\ee\AOLSoftware.exe" [2009-07-20 41264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-18 1193848]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2008-05-16 86016]
.
c:\windows\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-6-2 270336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
backup=c:\windows\pss\CallWave.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Toolbar.LNK]
backup=c:\windows\pss\eBay Toolbar.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Internet Answering Machine.lnk]
backup=c:\windows\pss\Internet Answering Machine.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\aol\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 15:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 06:01 135264 -c--a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-14 23:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 14128 ----a-w- c:\program files\Common Files\aol\1100995443\EE\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-03-12 14:25 11776 ----a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-03-12 14:25 110592 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-05-07 23:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
2001-08-01 17:30 94208 -c--a-w- c:\program files\QUICKENW\qagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-08-31 06:01 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\MusicNetOnAOL\\client\\bin\\AOLMN.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\aol\\1100995443\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\Adaptec Shared\\CreateCD\\CreateCD50.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Common Files\\aol\\1100995443\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58800:TCP"= 58800:TCP:Pando Media Booster
"58800:UDP"= 58800:UDP:Pando Media Booster
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 bckd;bckd;c:\windows\SYSTEM32\DRIVERS\bckd.sys [12/20/2010 2:43 PM 80272]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [2/20/2011 10:34 PM 84072]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 2:00 AM 14336]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/20/2010 2:44 PM 1462544]
R2 Htsysm;Htsysm;c:\windows\SYSTEM32\HtsysmNT.sys [2/20/2011 12:32 PM 2304]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/24/2010 7:26 PM 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/24/2010 7:26 PM 724152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/20/2011 10:34 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/20/2011 10:34 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/20/2011 10:34 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/20/2011 10:35 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [2/20/2011 10:04 PM 141792]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [9/26/2003 12:38 AM 34712]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [2/20/2011 10:34 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [2/20/2011 10:34 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [2/20/2011 10:34 PM 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2009 8:13 PM 135664]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
S3 ldiskl;ldiskl;\??\c:\docume~1\Cindy\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\Cindy\LOCALS~1\Temp\ldiskl.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [2/20/2011 10:34 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [2/20/2011 10:34 PM 84264]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 04:13]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 04:13]
.
2011-03-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 06:44]
.
2008-02-03 c:\windows\Tasks\WebReg Photosmart D7100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 00:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=logo
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} - hxxp://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
FF - ProfilePath - c:\documents and settings\Cindy\Application Data\Mozilla\Firefox\Profiles\ud6kp8cu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???r???????????????E?@?Disc Detector?A????? ?A?? ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?0?????B???@?????P?????@?? ??????~?B~??????????@???????????????????B?????<???????????????????????????r?B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-18526110-1008931058-1146325011-1007\Software\Yahoo\companion\Profiles\¬ ¾*<**`***\ButtonHistory]
"pop"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\BCMSMMSG.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Creative\ShareDLL\Mediadet.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1100995443\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-03-24 22:15:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 06:14
.
Pre-Run: 15,254,745,088 bytes free
Post-Run: 17,127,145,472 bytes free
.
- - End Of File - - 2297B8F0D4180BEF346D18DF9E40E08B

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:08 PM

Posted 25 March 2011 - 02:30 AM

Before continuing, can you please verify if your CD/DVD drive is still working (just test it with a few CD's).

I am asking because I see some leftovers of a Sony rootkit.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users