Active Search engine redirects

Discussion in 'Malware and Virus Removal Archive' started by hessgar, 2010/05/08.

  1. 2010/05/08
    hessgar


    I have been having my search engine results redirected. Neither McAfee nor Malwarebytes was able to eliminate the issue. My machine also cannot connect to Windows Update. Other than that it is running just fine.

    Thanks in advance for your support:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Dell at 15:41:37.62 on Sat 05/08/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1045 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dell\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {403059CB-1097-93EC-9A4A-DF849EC1CF05} - No File
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
    BHO: {a0729639-d831-46c9-811b-9b0aa79fb45a} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {C2056704-36CA-48B3-AF53-5A2CA4AB2E10} - No File
    BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E713B0FF-3AAC-405F-AF44-EB1A9F7277E7} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No File
    TB: {52836EB0-631A-47B1-94A6-61F9D9112DAE} - No File
    TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    TB: {a0729639-d831-46c9-811b-9b0aa79fb45a} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DVDtoiPodConverter_upgrade] "c:\program files\e-zsoft\dvdtoipodconverter\DVDtoiPodConverter.exe" /upgrade
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [ezLife] rundll32 "iesgulal.dll ",,Run
    mRun: [bbpofxhepkkj] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\slibaguhge.dll "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
    IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: intuit.com\ttlc
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxsrvc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\ib12aaxi.default\
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
    FF - plugin: c:\documents and settings\dell\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-29 214664]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-6-18 565248]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-7-29 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-7-29 144704]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-7-29 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-29 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-29 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-29 40552]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-29 34248]
    S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2008-7-30 20936]

    =============== Created Last 30 ================

    2010-05-08 01:07:15 323 ----a-w- c:\windows\wininit.ini
    2010-05-08 00:10:50 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-08 00:10:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-05-07 08:05:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-06 02:28:06 0 d-----w- c:\windows\system32\wbem\Repository
    2010-05-06 02:02:28 0 d-s---w- C:\ComboFix
    2010-04-28 00:19:48 0 d-----w- c:\program files\Trend Micro
    2010-04-28 00:18:48 0 d-----w- C:\HJT
    2010-04-27 22:16:29 0 d-----w- C:\cmdcons
    2010-04-27 22:14:48 98816 ----a-w- c:\windows\sed.exe
    2010-04-27 22:14:48 77312 ----a-w- c:\windows\MBR.exe
    2010-04-27 22:14:48 256512 ----a-w- c:\windows\PEV.exe
    2010-04-27 22:14:48 161792 ----a-w- c:\windows\SWREG.exe
    2010-04-27 21:22:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-04-27 21:16:06 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-04-27 21:15:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-04-27 21:15:47 0 d-----w- c:\program files\Hitman Pro 3.5
    2010-04-26 22:57:37 0 d-----w- c:\docume~1\dell\applic~1\Malwarebytes
    2010-04-26 22:57:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-26 22:57:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-26 22:57:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-26 22:57:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-26 12:51:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
    2010-04-20 22:45:18 107 ----a-w- c:\windows\MYOKENT.INI
    2010-04-18 20:01:41 0 d-----w- C:\Spelling Power Files
    2010-04-18 20:01:41 0 d-----w- c:\program files\Castlemoyle Books
    2010-04-17 16:24:56 0 d-----w- c:\program files\GPLGS
    2010-04-17 16:24:31 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2010-04-17 16:24:22 0 d-----w- c:\program files\Acro Software
    2010-04-17 07:47:48 0 d-----w- C:\PSFONTS
    2010-04-17 07:47:17 0 d-----w- c:\program files\Finale PrintMusic 2010
    2010-04-17 07:18:48 0 d-----w- c:\program files\Rallentando Software
    2010-04-17 07:18:04 54 ----a-w- c:\windows\Composer.INI
    2010-04-17 07:17:57 0 d-----w- c:\program files\Notation
    2010-04-10 20:51:39 5120 --sha-w- c:\windows\system32\Thumbs.db
    2010-04-10 20:51:34 9216 --sha-w- c:\windows\Thumbs.db

    ==================== Find3M ====================

    2010-04-28 22:15:18 16384 ----a-w- c:\windows\system32\lgfwunis.exe
    2010-04-27 04:12:43 30092 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-03-31 22:04:49 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
    2010-03-31 22:04:43 202832 ----a-w- c:\windows\system32\atasnt40.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 02:02:36 608723 ----a-w- c:\program files\unins000.dat
    2010-03-07 01:54:05 695523 ----a-w- c:\program files\unins000.exe
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-01-02 15:31:31 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-01-20 01:08:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011920090120\index.dat

    ============= FINISH: 15:43:20.67 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/10/2007 4:30:31 PM
    System Uptime: 5/7/2010 9:08:43 PM (18 hours ago)

    Motherboard: Dell Inc. | | 0G5611
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 87.191 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 144 GiB total, 31.828 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP522: 2/7/2010 2:33:21 PM - System Checkpoint
    RP523: 2/8/2010 2:57:22 PM - System Checkpoint
    RP524: 2/9/2010 5:55:27 PM - Software Distribution Service 3.0
    RP525: 2/10/2010 3:00:16 AM - Software Distribution Service 3.0
    RP526: 2/11/2010 3:01:30 AM - System Checkpoint
    RP527: 2/12/2010 4:01:31 AM - System Checkpoint
    RP528: 2/12/2010 10:32:36 AM - Installed Clifford Phonics
    RP529: 2/13/2010 11:43:08 AM - System Checkpoint
    RP530: 2/14/2010 12:13:36 PM - System Checkpoint
    RP531: 2/15/2010 2:15:59 PM - System Checkpoint
    RP532: 2/16/2010 3:01:35 PM - System Checkpoint
    RP533: 2/17/2010 3:41:01 PM - System Checkpoint
    RP534: 2/18/2010 4:39:55 PM - System Checkpoint
    RP535: 2/19/2010 5:33:19 PM - System Checkpoint
    RP536: 2/20/2010 5:33:25 PM - System Checkpoint
    RP537: 2/21/2010 7:55:15 PM - System Checkpoint
    RP538: 2/22/2010 8:15:58 PM - System Checkpoint
    RP539: 2/23/2010 8:33:25 PM - System Checkpoint
    RP540: 2/24/2010 3:00:15 AM - Software Distribution Service 3.0
    RP541: 2/25/2010 3:13:28 AM - System Checkpoint
    RP542: 2/26/2010 4:13:28 AM - System Checkpoint
    RP543: 2/27/2010 5:37:28 AM - System Checkpoint
    RP544: 2/28/2010 6:13:34 AM - System Checkpoint
    RP545: 3/1/2010 11:07:46 AM - System Checkpoint
    RP546: 3/2/2010 12:03:23 PM - System Checkpoint
    RP547: 3/3/2010 7:05:18 PM - System Checkpoint
    RP548: 3/5/2010 9:32:10 AM - System Checkpoint
    RP549: 3/6/2010 12:22:59 PM - System Checkpoint
    RP550: 3/6/2010 1:41:22 PM - Installed Miroslav Philharmonik
    RP551: 3/6/2010 2:53:52 PM - Installed TurboTax 2009 wrapper
    RP552: 3/6/2010 2:55:13 PM - Installed TurboTax 2009 WinPerReleaseEngine
    RP553: 3/6/2010 2:57:45 PM - Installed TurboTax 2009 WinPerFedFormset
    RP554: 3/6/2010 2:59:57 PM - Installed TurboTax 2009 WinPerTaxSupport
    RP555: 3/8/2010 1:26:40 PM - System Checkpoint
    RP556: 3/9/2010 9:04:42 PM - System Checkpoint
    RP557: 3/10/2010 3:00:16 AM - Software Distribution Service 3.0
    RP558: 3/11/2010 3:48:06 PM - System Checkpoint
    RP559: 3/12/2010 5:23:56 PM - System Checkpoint
    RP560: 3/13/2010 6:34:55 PM - Installed TurboTax 2009 wctiper
    RP561: 3/14/2010 9:46:16 PM - System Checkpoint
    RP562: 3/15/2010 10:18:00 PM - System Checkpoint
    RP563: 3/17/2010 3:37:48 AM - System Checkpoint
    RP564: 3/19/2010 8:17:06 AM - System Checkpoint
    RP565: 3/20/2010 2:26:59 PM - System Checkpoint
    RP566: 3/21/2010 10:51:50 PM - System Checkpoint
    RP567: 3/23/2010 4:14:54 PM - System Checkpoint
    RP568: 3/24/2010 6:28:17 PM - System Checkpoint
    RP569: 3/25/2010 7:32:54 PM - System Checkpoint
    RP570: 3/26/2010 8:36:16 PM - System Checkpoint
    RP571: 3/28/2010 10:08:03 AM - System Checkpoint
    RP572: 3/29/2010 10:22:52 AM - System Checkpoint
    RP573: 3/30/2010 2:50:53 PM - System Checkpoint
    RP574: 3/30/2010 6:39:33 PM - Installed Windows Media Format 9 Series Runtime Setup
    RP575: 3/31/2010 3:00:17 AM - Software Distribution Service 3.0
    RP576: 4/1/2010 4:20:47 AM - System Checkpoint
    RP577: 4/2/2010 4:17:04 PM - System Checkpoint
    RP578: 4/5/2010 1:34:21 PM - System Checkpoint
    RP579: 4/6/2010 1:40:39 PM - System Checkpoint
    RP580: 4/7/2010 2:40:39 PM - System Checkpoint
    RP581: 4/8/2010 6:24:20 PM - System Checkpoint
    RP582: 4/9/2010 6:51:18 PM - System Checkpoint
    RP583: 4/10/2010 7:51:18 PM - System Checkpoint
    RP584: 4/11/2010 9:08:08 PM - System Checkpoint
    RP585: 4/12/2010 10:32:08 PM - System Checkpoint
    RP586: 4/13/2010 10:51:18 PM - System Checkpoint
    RP587: 4/14/2010 10:53:20 PM - System Checkpoint
    RP588: 4/15/2010 3:00:23 AM - Software Distribution Service 3.0
    RP589: 4/16/2010 3:13:33 AM - System Checkpoint
    RP590: 4/17/2010 5:12:21 AM - System Checkpoint
    RP591: 4/17/2010 12:24:28 PM - Printer Driver CutePDF Writer Installed
    RP592: 4/18/2010 12:25:08 PM - System Checkpoint
    RP593: 4/19/2010 12:29:38 PM - System Checkpoint
    RP594: 4/20/2010 1:06:52 PM - System Checkpoint
    RP595: 4/20/2010 4:27:52 PM - Installed MIDI Yoke
    RP596: 4/21/2010 4:35:06 PM - System Checkpoint
    RP597: 4/22/2010 7:06:55 PM - System Checkpoint
    RP598: 4/23/2010 10:57:33 PM - System Checkpoint
    RP599: 4/24/2010 11:36:20 PM - System Checkpoint
    RP600: 4/26/2010 12:35:13 AM - System Checkpoint
    RP601: 4/27/2010 1:42:36 AM - System Checkpoint
    RP602: 4/27/2010 8:19:47 PM - Installed HiJackThis
    RP603: 4/28/2010 9:02:56 PM - System Checkpoint
    RP604: 4/30/2010 5:29:40 PM - System Checkpoint
    RP605: 5/2/2010 8:49:14 AM - System Checkpoint
    RP606: 5/3/2010 9:36:14 AM - System Checkpoint
    RP607: 5/4/2010 10:36:12 AM - System Checkpoint
    RP608: 5/5/2010 10:27:05 PM - Restore Operation
    RP609: 5/6/2010 11:59:13 PM - System Checkpoint
    RP610: 5/7/2010 3:48:13 AM - Installed MIDI Yoke
    RP611: 5/7/2010 4:04:11 AM - Installed Java(TM) 6 Update 20

    ==== Installed Programs ======================


    7-Zip 4.57
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Ad-Aware 2007
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer
    Adventures in Typing with Timon and Pumbaa
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AQUAZONE
    Audio/Video Conference 4.2+
    AviSynth 2.5
    AX3000G SoundEditor 1.01
    Band-in-a-Box 2006
    Bonjour
    Broadcom Gigabit Integrated Controller
    Cakewalk VST Adapter 4
    CCleaner
    CDXtract 4 demo
    ComboSister DEMO Version 1.40
    Coupon Printer for Windows
    Dell Photo AIO Printer 924
    Digital Sound Factory Volume 5 Studio Orchestra
    Dimension Pro 1.2
    Dimension Pro XP1
    Dimension Pro XP2
    Disney's Ready for Math with Pooh
    DreamStation DXi2
    Driver Detective
    Driver Genius Professional Edition
    DVD Suite
    Edirol HQ Orchestral v1.01
    Enigma
    Extreme Sample Converter 3.5.9
    Family Tree Maker 9.0
    Free DVD Decrypter version 1.3
    Free FLV to iPod Converter
    Free M4a to MP3 Converter 6.0
    Free Studio version 4.2
    Free YouTube to iPod Converter version 3.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.1.0.366
    Grand Electrix version 1.0.0.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    LG ODD Auto Firmware Update
    Linksys EasyLink Advisor 1.5 (1044)
    LTspice IV
    M-Tron
    Malwarebytes' RogueRemover
    Math Blaster Ages 4-6
    McAfee SecurityCenter
    Meeting Service
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    MIDI Yoke
    Miroslav Philharmonik
    MobileMe Control Panel
    Mozilla Firefox (3.6.3)
    MSM32Installer
    MSN
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    My First CD-ROM - Toddler
    Native Instruments B4 II
    Native Instruments FM7
    Native Instruments FM8
    Native Instruments Guitar Rig 3
    Native Instruments Reaktor 5
    Native Instruments Service Center
    Nero 7 Essentials
    neroxml
    OLYMPUS Master 2
    OpenOffice.org 2.4
    PCFriendly
    PG Music DirectX Plugins 1.3.4.1
    Photodex Presenter
    PowerDVD
    PowerProducer
    Project5 Version 2
    Project5 Version 2.5
    ProShow Gold
    QuickTime
    Rapture 1.1
    RealPlayer
    Safari
    SampleTron
    Scholastic's I SPY Junior
    School House Rock Grammar Rock
    Secret Composer
    SecurDisc Viewer
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Series II MIDI
    SONAR 5 Producer Edition
    SONAR 8.5 Producer
    SoundMAX
    Spybot - Search & Destroy
    Tone Stack Calculator
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wctiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Videora iPod Converter 4.06
    Visio Technical
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Install Manager
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    5/7/2010 7:59:24 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/5/2010 7:05:47 PM, error: Print [6161] - The document Food-Phytates-Version-1[1].pdf owned by Dell failed to print on printer Dell Photo AIO Printer 924. Data type: LEMF. Size of the spool file in bytes: 66637773. Number of bytes printed: 0. Total number of pages in the document: 45. Number of pages printed: 3. Client machine: \\DELL-6C9970A46C. Win32 error code returned by the print processor: 0 (0x0).
    5/5/2010 10:06:06 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    5/5/2010 10:06:06 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    5/5/2010 10:04:26 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
    5/4/2010 4:21:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    5/1/2010 10:40:42 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
    Last edited: 2010/05/08
  2. 2010/05/08
    crunchie

    Hi. Please post the Malwarebytes log.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2010/05/09
    hessgar

    I had not run Malware in a few days and when I did just now it found some issues. But even after it ran and power was cycled I again got a secondary window when posting this message.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4080

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/9/2010 12:42:04 AM
    mbam-log-2010-05-09 (00-42-04).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 323970
    Time elapsed: 2 hour(s), 13 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 14
    Registry Values Infected: 2
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2056704-36ca-48b3-af53-5a2ca4ab2e10} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e713b0ff-3aac-405f-af44-eb1a9f7277e7} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bbpofxhepkkj (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7F6DMZGX\packupdate_build107_302[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.


    OTL.TXT

    OTL logfile created on: 5/9/2010 12:47:07 AM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Dell\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 87.16 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 144.30 Gb Total Space | 31.83 Gb Free Space | 22.06% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DELL-6C9970A46C
    Current User Name: Dell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    PRC - [2010/04/28 18:14:30 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
    PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2008/10/03 22:24:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/10/02 21:08:02 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/07/29 21:28:48 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2006/10/30 11:01:16 | 000,392,832 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe
    PRC - [2005/10/21 11:40:26 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2008/07/29 21:28:48 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2007/06/18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/09/15 21:44:12 | 000,028,672 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/11/14 16:20:08 | 000,020,936 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb22ldr.sys -- (USB22LDR)
    DRV - [2007/11/14 16:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
    FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/20 19:47:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/02 21:08:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/01/09 06:56:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 19:38:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 19:38:39 | 000,000,000 | ---D | M]

    [2010/05/07 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Extensions
    [2010/05/07 19:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\ib12aaxi.default\extensions
    [2010/05/07 19:43:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\ib12aaxi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/07 19:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/04/27 18:29:17 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {403059CB-1097-93EC-9A4A-DF849EC1CF05} - No CLSID value found.
    O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2 - BHO: (no name) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [DVDtoiPodConverter_upgrade] C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe (E-Z soft)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/10 16:28:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell - " " = AutoRun
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/10/10 16:27:58 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17746534284132352)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/08 22:28:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    [2010/05/07 20:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/05/07 20:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/05/07 20:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\Downloads
    [2010/05/07 20:05:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dell\Recent
    [2010/05/07 19:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\Mozilla
    [2010/05/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\REgistry backups
    [2010/05/07 04:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/05 22:02:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/05 22:02:28 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/05/04 18:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/05/04 00:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/05/04 00:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/04/28 16:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/04/28 15:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/04/28 10:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/04/27 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/27 20:18:48 | 000,000,000 | ---D | C] -- C:\HJT
    [2010/04/27 18:16:29 | 000,000,000 | ---D | C] -- C:\cmdcons
    [2010/04/27 18:14:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/04/27 18:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/04/27 18:14:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/04/27 18:14:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/27 18:13:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/04/27 17:22:19 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/04/27 17:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/04/27 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/27 17:15:37 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Dell\Desktop\HitmanPro35.exe
    [2010/04/26 23:51:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/04/26 18:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Application Data\Malwarebytes
    [2010/04/26 18:57:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/26 18:57:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 18:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/26 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/26 08:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/04/26 08:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/04/26 08:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
    [2010/04/26 08:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\avG
    [2010/04/18 16:01:41 | 000,000,000 | ---D | C] -- C:\Spelling Power Files
    [2010/04/18 16:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Castlemoyle Books
    [2010/04/17 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\CutePDF Writer
    [2010/04/17 12:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
    [2010/04/17 12:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
    [2010/04/17 03:47:48 | 000,000,000 | ---D | C] -- C:\PSFONTS
    [2010/04/17 03:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Finale PrintMusic 2010
    [2010/04/17 03:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Rallentando Software
    [2010/04/17 03:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\Rallentando Software
    [2010/04/17 03:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Notation
    [2010/04/04 22:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\FXpansion
    [2010/04/04 22:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
    [2010/04/04 22:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Application Data\FXpansion
    [2010/04/04 16:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Edirol
    [2010/04/02 15:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secret Composer
    [2010/03/31 21:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/03/31 18:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\WebEx
    [2010/03/31 18:04:34 | 000,202,832 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
    [2010/03/30 19:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\TruePianos Settings
    [2010/03/30 18:46:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    [2010/03/30 18:45:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
    [2010/03/07 17:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/03/06 15:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\IsolatedStorage
    [2010/02/25 00:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\Temp
    [2010/02/10 04:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2008/07/30 18:48:35 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
    [2008/07/30 18:48:33 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
    [2008/07/30 18:48:33 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
    [2008/07/30 18:48:32 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
    [2008/07/30 18:48:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
    [2008/07/30 18:48:32 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
    [2008/07/30 18:48:31 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
    [2008/07/30 18:48:31 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
    [2008/07/30 18:48:31 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/09 00:46:16 | 000,034,275 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/05/09 00:46:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/09 00:45:18 | 000,000,361 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
    [2010/05/09 00:45:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/09 00:45:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/09 00:44:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/09 00:44:03 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Dell\NTUSER.DAT
    [2010/05/09 00:43:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dell\ntuser.ini
    [2010/05/08 23:59:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    [2010/05/08 22:26:26 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/08 15:38:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\dds.scr
    [2010/05/07 21:07:18 | 000,000,323 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/05/07 20:10:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/07 19:39:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/05/07 19:38:42 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/07 19:34:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/05/06 23:11:11 | 000,027,792 | ---- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/05 22:29:16 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/05 22:06:21 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/05/03 19:30:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/05/01 01:00:34 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/04/30 21:25:51 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/04/30 20:59:28 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/30 20:59:20 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 18:15:18 | 000,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
    [2010/04/27 20:19:50 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
    [2010/04/27 19:12:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\UsIG2
    [2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
    [2010/04/27 18:29:17 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/04/27 18:23:25 | 000,899,695 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\XDelBox.zip
    [2010/04/27 18:16:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/04/27 17:15:46 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Dell\Desktop\HitmanPro35.exe
    [2010/04/27 00:12:43 | 000,030,092 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/04/27 00:11:16 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/04/26 16:52:41 | 000,010,926 | -HS- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\LS6hh08
    [2010/04/26 16:52:41 | 000,010,926 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\LS6hh08
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/22 23:10:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/04/22 23:10:47 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/20 18:45:18 | 000,000,107 | ---- | M] () -- C:\WINDOWS\MYOKENT.INI
    [2010/04/19 22:00:56 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notation Composer.lnk
    [2010/04/18 16:01:49 | 000,001,206 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Printable Resources.lnk
    [2010/04/18 16:01:48 | 000,001,156 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Searchable Word List.lnk
    [2010/04/18 16:01:48 | 000,001,070 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Digital Spelling Tutor.lnk
    [2010/04/17 03:18:57 | 000,005,090 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ronomdwa.tbp
    [2010/04/17 03:18:51 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\MidiIllustrator Virtuoso.lnk
    [2010/04/17 03:18:04 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Composer.INI
    [2010/04/15 01:33:44 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/04/13 21:42:34 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
    [2010/04/13 21:42:34 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2010/04/13 21:42:34 | 000,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
    [2010/04/04 22:33:46 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Strobe.lnk
    [2010/04/04 22:33:46 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Cypher.lnk
    [2010/04/04 22:33:46 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Fusor.lnk
    [2010/04/04 22:33:46 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Amber.lnk
    [2010/04/02 15:03:37 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Secret Composer.lnk
    [2010/03/31 18:04:49 | 000,051,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2010/03/31 18:04:43 | 000,202,832 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
    [2010/03/30 18:46:10 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guitar Rig 3.lnk
    [2010/03/30 18:39:40 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/03/30 18:38:18 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SONAR 8.5 Producer.lnk
    [2010/03/28 09:10:53 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
    [2010/03/14 15:06:51 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/14 15:06:51 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/14 15:06:50 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/06 22:02:36 | 000,608,723 | ---- | M] () -- C:\Program Files\unins000.dat
    [2010/03/06 21:54:05 | 000,695,523 | ---- | M] () -- C:\Program Files\unins000.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/08 15:37:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\dds.scr
    [2010/05/07 21:07:15 | 000,000,323 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/05/07 20:10:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/07 19:39:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/05/07 19:38:42 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/04/27 20:19:50 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
    [2010/04/27 19:05:14 | 000,009,764 | -HS- | C] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\UsIG2
    [2010/04/27 19:05:14 | 000,009,764 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
    [2010/04/27 18:23:21 | 000,899,695 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\XDelBox.zip
    [2010/04/27 18:16:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/04/27 18:16:34 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/04/27 18:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/27 18:14:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/04/27 18:14:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/04/27 18:14:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/04/27 18:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/04/27 17:16:06 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/04/27 00:11:16 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/04/26 18:57:29 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/26 08:51:49 | 000,010,926 | -HS- | C] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\LS6hh08
    [2010/04/26 08:51:49 | 000,010,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LS6hh08
    [2010/04/20 18:45:18 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
    [2010/04/19 22:00:56 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notation Composer.lnk
    [2010/04/18 16:01:48 | 000,001,206 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Printable Resources.lnk
    [2010/04/18 16:01:48 | 000,001,156 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Searchable Word List.lnk
    [2010/04/18 16:01:48 | 000,001,070 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Digital Spelling Tutor.lnk
    [2010/04/17 12:24:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/04/17 03:18:57 | 000,005,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ronomdwa.tbp
    [2010/04/17 03:18:51 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\MidiIllustrator Virtuoso.lnk
    [2010/04/17 03:18:04 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
    [2010/04/04 22:33:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Strobe.lnk
    [2010/04/04 22:33:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Cypher.lnk
    [2010/04/04 22:33:46 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Amber.lnk
    [2010/04/04 22:33:45 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Fusor.lnk
    [2010/04/02 15:03:37 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Secret Composer.lnk
    [2010/03/31 18:04:49 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2010/03/30 18:46:10 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Guitar Rig 3.lnk
    [2010/03/30 18:38:18 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SONAR 8.5 Producer.lnk
    [2010/03/07 00:57:43 | 001,893,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/03/06 21:50:45 | 000,695,523 | ---- | C] () -- C:\Program Files\unins000.exe
    [2010/03/06 21:50:44 | 000,608,723 | ---- | C] () -- C:\Program Files\unins000.dat
    [2010/03/06 15:57:07 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2009/10/15 14:07:32 | 000,000,042 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
    [2009/10/15 14:05:44 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
    [2009/05/22 08:43:06 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2009/04/28 10:57:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2009/04/28 10:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2009/03/28 20:45:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2009/03/28 20:45:00 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2009/03/28 20:45:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2009/03/12 16:54:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2009/03/12 15:54:48 | 000,000,180 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/03/02 10:45:35 | 000,001,847 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2009/02/19 20:08:41 | 000,003,844 | ---- | C] () -- C:\WINDOWS\scad3.INI
    [2009/02/01 23:58:46 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/02/01 23:58:45 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/02/01 23:58:45 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDIFOFilter.dll
    [2008/12/28 14:15:45 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2008/12/12 21:17:18 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
    [2008/08/11 22:39:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/30 18:48:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2008/07/30 18:48:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2008/07/30 18:48:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2008/07/30 18:48:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2008/07/30 18:48:29 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2008/07/30 18:48:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2008/07/30 18:48:27 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2008/07/30 18:48:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2008/07/30 18:48:26 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2008/07/30 18:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2008/07/29 21:23:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/07 19:29:43 | 000,002,681 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM9.DLL
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

    ========== LOP Check ==========

    [2010/04/27 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
    [2008/07/29 22:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2010/03/30 18:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2010/04/27 17:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/05/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
    [2009/04/11 22:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2008/11/09 10:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/25 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/11/05 02:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/08 21:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/03/30 18:45:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
    [2010/03/30 18:46:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    [2010/04/15 01:33:44 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/05/01 01:00:34 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/01/19 20:42:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2009/01/19 20:42:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/01/19 20:42:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/01/19 20:42:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2007/10/10 10:46:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/10/10 10:46:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/10/10 10:46:08 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
  5. 2010/05/09
    hessgar

    Extras.txt

    OTL Extras logfile created on: 5/9/2010 12:47:07 AM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Dell\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 87.16 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 144.30 Gb Total Space | 31.83 Gb Free Space | 22.06% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DELL-6C9970A46C
    Current User Name: Dell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference -- File not found
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{171657E7-F9D9-11D9-81F0-0000F4602D00}" = AX3000G SoundEditor 1.01
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
    "{33705B76-43F9-44D3-8EB4-02409BE01033}" = Nero 7 Essentials
    "{347429F2-6A1D-4B5B-A3B0-197FB30DCE98}" = Tone Stack Calculator
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{368AC670-EAA2-012B-AD34-000000000000}" = TurboTax 2009 wctiper
    "{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = Series II MIDI
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{46AC899A-9ECB-43DC-85DE-272E0D116A1E}" = Ad-Aware 2007
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{55A75679-02D1-4C8C-85CA-B4E4DF4D775F}" = MSM32Installer
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
    "{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
    "{81974750-D4B1-4690-B168-D31F9A599542}" = SampleTron
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}" = SecurDisc Viewer
    "{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}" = Adventures in Typing with Timon and Pumbaa
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{E5AD8006-E553-4709-835C-DB223887B821}" = OpenOffice.org 2.4
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EBEAFDCE-7E22-4055-BC60-CBF418D57BAB}" = MIDI Yoke
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
    "{F96010B3-9876-40B4-8992-37C9D7D26541}" = AQUAZONE
    "7-Zip" = 7-Zip 4.57
    "ActiveTouchMeetingClient" = Meeting Service
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "AviSynth" = AviSynth 2.5
    "BB_is1" = Band-in-a-Box 2006
    "Cakewalk Dimension Pro Expansion Pack 1_is1" = Dimension Pro XP1
    "Cakewalk Dimension Pro Expansion Pack 2_is1" = Dimension Pro XP2
    "Cakewalk Dimension Pro_is1" = Dimension Pro 1.2
    "Cakewalk Rapture_is1" = Rapture 1.1
    "Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4
    "CCleaner" = CCleaner
    "CDXTRACT 4 demo_is1" = CDXtract 4 demo
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ComboSister DEMO VSTi V1.40_is1" = ComboSister DEMO Version 1.40
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
    "Digital Sound Factory Volume 5 Studio Orchestra_is1" = Digital Sound Factory Volume 5 Studio Orchestra
    "DreamStation DXi2" = DreamStation DXi2
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1044)
    "Edirol HQ Orchestral v1.01" = Edirol HQ Orchestral v1.01
    "Extreme Sample Converter 3_is1" = Extreme Sample Converter 3.5.9
    "Family Tree Maker" = Family Tree Maker 9.0
    "Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3
    "Free FLV to iPod Converter_is1" = Free FLV to iPod Converter
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
    "Free Studio_is1" = Free Studio version 4.2
    "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1
    "Grand Electrix Demo_is1" = Grand Electrix version 1.0.0.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "LTspice IV" = LTspice IV
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
    "mbjr32" = Math Blaster Ages 4-6
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSC" = McAfee SecurityCenter
    "MSNINST" = MSN
    "M-Tron" = M-Tron
    "My First CD-ROM - Toddler" = My First CD-ROM - Toddler
    "Native Instruments B4 II" = Native Instruments B4 II
    "Native Instruments FM7" = Native Instruments FM7
    "Native Instruments FM8" = Native Instruments FM8
    "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
    "Native Instruments Reaktor 5" = Native Instruments Reaktor 5
    "Native Instruments Service Center" = Native Instruments Service Center
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PCFriendly" = PCFriendly
    "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
    "Photodex Presenter" = Photodex Presenter
    "Project5 Version 2" = Project5 Version 2
    "Project5 Version 2.5" = Project5 Version 2.5
    "ProShow Gold" = ProShow Gold
    "Ready for Math with Pooh" = Disney's Ready for Math with Pooh
    "RealPlayer 6.0" = RealPlayer
    "Scholastic's I SPY Junior" = Scholastic's I SPY Junior
    "School House Rock Grammar Rock" = School House Rock Grammar Rock
    "Secret Composer" = Secret Composer
    "SONAR 5 Producer Edition" = SONAR 5 Producer Edition
    "SONAR85Producer_is1" = SONAR 8.5 Producer
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Videora iPod Converter" = Videora iPod Converter 4.06
    "Visio Technical" = Visio Technical
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Audio/Video Conference" = Audio/Video Conference 4.2+
    "GoToMeeting" = GoToMeeting 4.1.0.366

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/6/2010 8:13:33 PM | Computer Name = DELL-6C9970A46C | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x62160b80.

    Error - 5/6/2010 8:18:38 PM | Computer Name = DELL-6C9970A46C | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 5/6/2010 9:27:20 PM | Computer Name = DELL-6C9970A46C | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 5/6/2010 9:27:24 PM | Computer Name = DELL-6C9970A46C | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 5/6/2010 9:27:27 PM | Computer Name = DELL-6C9970A46C | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 5/6/2010 9:58:43 PM | Computer Name = DELL-6C9970A46C | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 5/7/2010 7:34:14 PM | Computer Name = DELL-6C9970A46C | Source = MsiInstaller | ID = 11704
    Description = Product: Adobe Reader 9.3.2 -- Error 1704.An installation for Microsoft
    Office 2000 Professional is currently suspended. You must undo the changes made
    by that installation to continue. Do you want to undo those changes?

    Error - 5/7/2010 7:59:23 PM | Computer Name = DELL-6C9970A46C | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
    longer than 90000 ms to complete a request. The process will be terminated. Thread
    id : 416 (0x1a0) Thread address : 0x120EC819 Thread message : Build VSCORE.14.0.0.435
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Nero\Nero
    7\SecurDisc Viewer\SecurDisc Viewer.exe by C:\WINDOWS\system32\rundll32.exe 4(0)(0)

    4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

    Error - 5/8/2010 11:17:32 PM | Computer Name = DELL-6C9970A46C | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
    longer than 90000 ms to complete a request. The process will be terminated. Thread
    id : 5268 (0x1494) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Gary\Digital_sound_Factory\Digital
    Sound Factory Volume 5 Studio Orchestra.exe by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


    Error - 5/8/2010 11:52:11 PM | Computer Name = DELL-6C9970A46C | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
    longer than 90000 ms to complete a request. The process will be terminated. Thread
    id : 2624 (0xa40) Thread address : 0x1205AF23 Thread message : Build VSCORE.14.0.0.435
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Nero\Nero
    7\SecurDisc Viewer\SecurDisc Viewer.exe by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


    [ System Events ]
    Error - 5/7/2010 7:59:24 PM | Computer Name = DELL-6C9970A46C | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 5/7/2010 9:09:37 PM | Computer Name = DELL-6C9970A46C | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 5/7/2010 9:09:37 PM | Computer Name = DELL-6C9970A46C | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 5/7/2010 9:27:31 PM | Computer Name = DELL-6C9970A46C | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{445B19FB-14A5-49C9-9172-0C759540DBEB}. The
    backup browser is stopping.

    Error - 5/8/2010 11:17:49 PM | Computer Name = DELL-6C9970A46C | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 5/8/2010 11:52:16 PM | Computer Name = DELL-6C9970A46C | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 2 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 5/9/2010 12:45:16 AM | Computer Name = DELL-6C9970A46C | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 5/9/2010 12:45:16 AM | Computer Name = DELL-6C9970A46C | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 5/9/2010 12:45:54 AM | Computer Name = DELL-6C9970A46C | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PCIIde

    Error - 5/9/2010 12:46:02 AM | Computer Name = DELL-6C9970A46C | Source = DCOM | ID = 10010
    Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
    with DCOM within the required timeout.


    < End of report >
     
    Last edited: 2010/05/09
  6. 2010/05/09
    hessgar

    hessgar Inactive Thread Starter

    My error with a duplicate message.
     
    Last edited: 2010/05/09
  7. 2010/05/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Were you instructed to run Combofix by someone at another site, or did you run it yourself?
    Can you post the log from its scan, please?

    ==

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {403059CB-1097-93EC-9A4A-DF849EC1CF05} - No CLSID value found.
      O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
      O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
      O2 - BHO: (no name) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - No CLSID value found.
      O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - No CLSID value found.
      :Commands
      [Purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ==

    Download HijackThis Executable from here. Save it to your desktop.
    Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
     
    Last edited: 2010/05/09
  8. 2010/05/09
    hessgar

    hessgar Inactive Thread Starter

    I was going to run Combofix but it did not completely run. There was no log file.

    File from the RUN Fix Version of OTL.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{403059CB-1097-93EC-9A4A-DF849EC1CF05}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{403059CB-1097-93EC-9A4A-DF849EC1CF05}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0729639-d831-46c9-811b-9b0aa79fb45a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0729639-d831-46c9-811b-9b0aa79fb45a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52836EB0-631A-47B1-94A6-61F9D9112DAE} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52836EB0-631A-47B1-94A6-61F9D9112DAE}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a0729639-d831-46c9-811b-9b0aa79fb45a} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0729639-d831-46c9-811b-9b0aa79fb45a}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Dell
    ->Temp folder emptied: 7504722 bytes
    ->Temporary Internet Files folder emptied: 69156723 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42363416 bytes
    ->Apple Safari cache emptied: 8978847 bytes
    ->Flash cache emptied: 10007 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 890286 bytes
    ->Flash cache emptied: 5971 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 378755315 bytes
    ->Java cache emptied: 15322 bytes
    ->Flash cache emptied: 35633 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2162283 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 61561200 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10933822 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1182 bytes

    Total Files Cleaned = 555.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.4.1 log created on 05092010_085344

    Files\Folders moved on Reboot...
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LR481LX7\www2_victoriassecret_com[1].htm moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KORMSDGO\Rediscovering_China_20100104_part_1[1].flv moved successfully.
    File\Folder C:\WINDOWS\temp\mcmsc_hX9kDO4cdzxKvHo not found!
    File\Folder C:\WINDOWS\temp\mcmsc_IFsvGFU3Cyw8oq4 not found!
    C:\WINDOWS\temp\MSI7dc9b.LOG moved successfully.

    Registry entries deleted on Reboot...
     
  9. 2010/05/09
    hessgar

    hessgar Inactive Thread Starter

    Output from Quick Scan OTL Scan


    OTL logfile created on: 5/9/2010 9:08:33 AM - Run 2
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Dell\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 87.62 Gb Free Space | 37.63% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 144.30 Gb Total Space | 31.83 Gb Free Space | 22.06% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DELL-6C9970A46C
    Current User Name: Dell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    PRC - [2010/04/28 18:14:30 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
    PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2008/10/03 22:24:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/10/02 21:08:02 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/07/29 21:28:48 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2006/10/30 11:01:16 | 000,392,832 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe
    PRC - [2005/10/21 11:40:26 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2008/07/29 21:28:48 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2007/06/18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/09/15 21:44:12 | 000,028,672 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/11/14 16:20:08 | 000,020,936 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb22ldr.sys -- (USB22LDR)
    DRV - [2007/11/14 16:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
    FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/20 19:47:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/02 21:08:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/01/09 06:56:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 19:38:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 19:38:39 | 000,000,000 | ---D | M]

    [2010/05/07 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Extensions
    [2010/05/07 19:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\ib12aaxi.default\extensions
    [2010/05/07 19:43:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\ib12aaxi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/07 19:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/05/09 08:57:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [DVDtoiPodConverter_upgrade] C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe (E-Z soft)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/10 16:28:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell - " " = AutoRun
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{ace42682-5dd1-11dd-b176-000f1fe94a7b}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/09 08:53:44 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/05/08 22:28:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    [2010/05/07 20:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/05/07 20:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/05/07 20:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\Downloads
    [2010/05/07 20:05:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dell\Recent
    [2010/05/07 19:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\Mozilla
    [2010/05/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\REgistry backups
    [2010/05/07 04:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/05 22:02:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/05 22:02:28 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/05/04 18:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/05/04 00:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/05/04 00:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/04/28 16:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/04/28 15:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/04/28 10:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/04/27 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/27 20:18:48 | 000,000,000 | ---D | C] -- C:\HJT
    [2010/04/27 18:16:29 | 000,000,000 | ---D | C] -- C:\cmdcons
    [2010/04/27 18:14:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/04/27 18:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/04/27 18:14:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/04/27 18:14:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/27 18:13:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/04/27 17:22:19 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/04/27 17:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/04/27 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/04/27 17:15:37 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Dell\Desktop\HitmanPro35.exe
    [2010/04/26 23:51:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/04/26 18:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Application Data\Malwarebytes
    [2010/04/26 18:57:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/26 18:57:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 18:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/26 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/26 08:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/04/26 08:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/04/26 08:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
    [2010/04/26 08:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\avG
    [2010/04/18 16:01:41 | 000,000,000 | ---D | C] -- C:\Spelling Power Files
    [2010/04/18 16:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Castlemoyle Books
    [2010/04/17 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\CutePDF Writer
    [2010/04/17 12:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
    [2010/04/17 12:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
    [2010/04/17 03:47:48 | 000,000,000 | ---D | C] -- C:\PSFONTS
    [2010/04/17 03:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Finale PrintMusic 2010
    [2010/04/17 03:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Rallentando Software
    [2010/04/17 03:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\Rallentando Software
    [2010/04/17 03:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Notation
    [2010/04/04 22:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\FXpansion
    [2010/04/04 22:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
    [2010/04/04 22:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Application Data\FXpansion
    [2010/04/04 16:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Edirol
    [2010/04/02 15:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secret Composer
    [2010/03/31 21:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/03/31 18:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\WebEx
    [2010/03/31 18:04:34 | 000,202,832 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
    [2010/03/30 19:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\TruePianos Settings
    [2010/03/30 18:46:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    [2010/03/30 18:45:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
    [2010/03/07 17:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/03/06 15:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\IsolatedStorage
    [2010/02/25 00:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\Temp
    [2010/02/10 04:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2008/07/30 18:48:35 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
    [2008/07/30 18:48:33 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
    [2008/07/30 18:48:33 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
    [2008/07/30 18:48:32 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
    [2008/07/30 18:48:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
    [2008/07/30 18:48:32 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
    [2008/07/30 18:48:31 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
    [2008/07/30 18:48:31 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
    [2008/07/30 18:48:31 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/05/09 09:03:16 | 000,000,361 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
    [2010/05/09 09:02:29 | 000,034,275 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/05/09 09:02:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/09 09:01:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/09 09:01:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/09 09:01:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/09 08:59:52 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Dell\NTUSER.DAT
    [2010/05/09 08:59:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dell\ntuser.ini
    [2010/05/09 08:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/09 08:57:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/05/08 22:28:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
    [2010/05/08 22:26:26 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/08 15:38:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\dds.scr
    [2010/05/07 21:07:18 | 000,000,323 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/05/07 20:10:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/07 19:39:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/05/07 19:38:42 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/07 19:34:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/05/06 23:11:11 | 000,027,792 | ---- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/05 22:29:16 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/05 22:06:21 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/05/03 19:30:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/05/01 01:00:34 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/04/30 21:25:51 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/04/30 20:59:28 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/30 20:59:20 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 18:15:18 | 000,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
    [2010/04/27 20:19:50 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
    [2010/04/27 19:12:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\UsIG2
    [2010/04/27 19:07:16 | 000,009,764 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
    [2010/04/27 18:23:25 | 000,899,695 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\XDelBox.zip
    [2010/04/27 18:16:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/04/27 17:15:46 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Dell\Desktop\HitmanPro35.exe
    [2010/04/27 00:12:43 | 000,030,092 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/04/27 00:11:16 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/04/26 16:52:41 | 000,010,926 | -HS- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\LS6hh08
    [2010/04/26 16:52:41 | 000,010,926 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\LS6hh08
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/22 23:10:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/04/22 23:10:47 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/20 18:45:18 | 000,000,107 | ---- | M] () -- C:\WINDOWS\MYOKENT.INI
    [2010/04/19 22:00:56 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notation Composer.lnk
    [2010/04/18 16:01:49 | 000,001,206 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Printable Resources.lnk
    [2010/04/18 16:01:48 | 000,001,156 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Searchable Word List.lnk
    [2010/04/18 16:01:48 | 000,001,070 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Digital Spelling Tutor.lnk
    [2010/04/17 03:18:57 | 000,005,090 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ronomdwa.tbp
    [2010/04/17 03:18:51 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\MidiIllustrator Virtuoso.lnk
    [2010/04/17 03:18:04 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Composer.INI
    [2010/04/15 01:33:44 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/04/13 21:42:34 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
    [2010/04/13 21:42:34 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2010/04/13 21:42:34 | 000,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
    [2010/04/04 22:33:46 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Strobe.lnk
    [2010/04/04 22:33:46 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Cypher.lnk
    [2010/04/04 22:33:46 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Fusor.lnk
    [2010/04/04 22:33:46 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Amber.lnk
    [2010/04/02 15:03:37 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Secret Composer.lnk
    [2010/03/31 18:04:49 | 000,051,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2010/03/31 18:04:43 | 000,202,832 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
    [2010/03/30 18:46:10 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guitar Rig 3.lnk
    [2010/03/30 18:39:40 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/03/30 18:38:18 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SONAR 8.5 Producer.lnk
    [2010/03/28 09:10:53 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
    [2010/03/14 15:06:51 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/14 15:06:51 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/14 15:06:50 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/06 22:02:36 | 000,608,723 | ---- | M] () -- C:\Program Files\unins000.dat
    [2010/03/06 21:54:05 | 000,695,523 | ---- | M] () -- C:\Program Files\unins000.exe

    ========== Files Created - No Company Name ==========

    [2010/05/08 15:37:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\dds.scr
    [2010/05/07 21:07:15 | 000,000,323 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/05/07 20:10:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/07 19:39:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/05/07 19:38:42 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/04/27 20:19:50 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
    [2010/04/27 19:05:14 | 000,009,764 | -HS- | C] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\UsIG2
    [2010/04/27 19:05:14 | 000,009,764 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
    [2010/04/27 18:23:21 | 000,899,695 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\XDelBox.zip
    [2010/04/27 18:16:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/04/27 18:16:34 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/04/27 18:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/27 18:14:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/04/27 18:14:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/04/27 18:14:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/04/27 18:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/04/27 17:16:06 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/04/27 00:11:16 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/04/26 18:57:29 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/26 08:51:49 | 000,010,926 | -HS- | C] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\LS6hh08
    [2010/04/26 08:51:49 | 000,010,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LS6hh08
    [2010/04/20 18:45:18 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
    [2010/04/19 22:00:56 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notation Composer.lnk
    [2010/04/18 16:01:48 | 000,001,206 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Printable Resources.lnk
    [2010/04/18 16:01:48 | 000,001,156 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Searchable Word List.lnk
    [2010/04/18 16:01:48 | 000,001,070 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Spelling Power Digital Spelling Tutor.lnk
    [2010/04/17 12:24:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/04/17 03:18:57 | 000,005,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ronomdwa.tbp
    [2010/04/17 03:18:51 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\MidiIllustrator Virtuoso.lnk
    [2010/04/17 03:18:04 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
    [2010/04/04 22:33:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Strobe.lnk
    [2010/04/04 22:33:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Cypher.lnk
    [2010/04/04 22:33:46 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Amber.lnk
    [2010/04/04 22:33:45 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Fusor.lnk
    [2010/04/02 15:03:37 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Secret Composer.lnk
    [2010/03/31 18:04:49 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2010/03/30 18:46:10 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Guitar Rig 3.lnk
    [2010/03/30 18:38:18 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SONAR 8.5 Producer.lnk
    [2010/03/07 00:57:43 | 001,893,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/03/06 21:50:45 | 000,695,523 | ---- | C] () -- C:\Program Files\unins000.exe
    [2010/03/06 21:50:44 | 000,608,723 | ---- | C] () -- C:\Program Files\unins000.dat
    [2010/03/06 15:57:07 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2009/10/15 14:07:32 | 000,000,042 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
    [2009/10/15 14:05:44 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
    [2009/05/22 08:43:06 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2009/04/28 10:57:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2009/04/28 10:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2009/03/28 20:45:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2009/03/28 20:45:00 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2009/03/28 20:45:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2009/03/12 16:54:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2009/03/12 15:54:48 | 000,000,180 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/03/02 10:45:35 | 000,001,847 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2009/02/19 20:08:41 | 000,003,844 | ---- | C] () -- C:\WINDOWS\scad3.INI
    [2009/02/01 23:58:46 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/02/01 23:58:45 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/02/01 23:58:45 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDIFOFilter.dll
    [2008/12/28 14:15:45 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2008/12/12 21:17:18 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
    [2008/08/11 22:39:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/30 18:48:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2008/07/30 18:48:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2008/07/30 18:48:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2008/07/30 18:48:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2008/07/30 18:48:29 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2008/07/30 18:48:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2008/07/30 18:48:27 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2008/07/30 18:48:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2008/07/30 18:48:26 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2008/07/30 18:48:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2008/07/29 21:23:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/07 19:29:43 | 000,002,681 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM9.DLL
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

    ========== LOP Check ==========

    [2010/04/27 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
    [2008/07/29 22:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2010/03/30 18:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2010/04/27 17:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/05/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
    [2009/04/11 22:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2008/11/09 10:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/25 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/11/05 02:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/08 21:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/03/30 18:45:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
    [2010/03/30 18:46:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
    [2010/04/15 01:33:44 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/05/01 01:00:34 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========


    < End of report >
     
  10. 2010/05/09
    hessgar

    HijackThis log file

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:20:17 AM, on 5/9/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe "
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    --
    End of file - 11740 bytes
     
  11. 2010/05/09
    crunchie

    Have there been any changes to the problem yet?

    Which browser is being re-directed?

    Try the following for the Windows Update fix:

    Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
    Reboot when done and see how things are now.
     
  12. 2010/05/09
    hessgar

    Problem seems the same. How long should Dial-a-Fix take? It has been running the DllInstalling shell32.dll for about 15 minutes for that one step.

    The browsers affected are both Firefox and Internet Explorer. I will get redirection on Google and Yahoo searches. Often a first website or two will work before the redirection starts. Also I get more windows with ads running in them when I click links (even from www.windowsbbs.com).

    Attached is the current log from Dial-a-Fix.

    5:05:51 PM | Dial-a-fix was unable to determine your version of Internet Explorer
    Notes about this log:
    1) "->" denotes an external command being executed, and "-> (number)" indicates
    the return code from the previous command
    2) Not all external command return codes are accurate, or useful
    3) Sometimes commands return 0 (no error) even when they fail or crash
    4) If an error occurs while registering an object, please send an email to:
    dial-a-fix@DjLizard.net and include a copy of this log

    DAF version: v0.60.0.24

    --- System info ---
    OS: Microsoft Windows XP Service Pack 3
    IE version: 8.0.6001.18702
    MPC: 76487-640
    CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (~2800MHz)
    BIOS: 9/17/2004
    Memory (approx): 2038MB
    Uptime: 2 hour(s)
    Current directory: C:\Documents and Settings\Dell\Desktop\Dial-a-fix-v0.60.0.24
    ---

    5/9/2010 5:05:51 PM -- Dial-a-fix : [v0.60.0.24] -- started
    5:05:51 PM | Policy scan started
    5:05:51 PM | Policy scan ended - no restrictive policies were found
    --- Emptying temp folders ---
    5:06:17 PM | Deleting C:\Documents and Settings\Dell\Local Settings\Temp...
    5:06:18 PM | C:\Documents and Settings\Dell\Local Settings\Temp could not be completely emptied, please reboot and try again
    5:06:18 PM | Deleting C:\WINDOWS\temp...
    5:06:18 PM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
    5:06:18 PM | Deleting C:\DOCUME~1\Dell\LOCALS~1\Temp...
    5:06:19 PM | C:\DOCUME~1\Dell\LOCALS~1\Temp could not be completely emptied, please reboot and try again
    --- MSI ---
    5:06:38 PM | Registered: C:\WINDOWS\system32\msi.dll
    --- Windows Update ---
    --- Registration: Windows Update/Automatic Update DLLs ---
    5:06:53 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
    5:06:53 PM | Registered: C:\WINDOWS\system32\msxml.dll
    5:06:54 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
    5:06:54 PM | Registered: C:\WINDOWS\system32\msxml2.dll
    5:07:02 PM | Unregistered: C:\WINDOWS\system32\msxml3.dll
    5:07:04 PM | Registered: C:\WINDOWS\system32\msxml3.dll
    5:07:04 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
    5:07:04 PM | Registered: C:\WINDOWS\system32\msxml4.dll
    5:07:04 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
    5:07:04 PM | Registered: C:\WINDOWS\system32\qmgr.dll
    5:07:04 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
    5:07:04 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
    5:07:04 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
    5:07:04 PM | Registered: C:\WINDOWS\system32\winhttp.dll
    5:07:05 PM | Registered: C:\WINDOWS\system32\wuapi.dll
    5:07:05 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
    5:07:06 PM | Registered: C:\WINDOWS\system32\wuaueng.dll
    5:07:06 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
    5:07:06 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
    5:07:06 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
    5:07:06 PM | Registered: C:\WINDOWS\system32\wucltui.dll
    5:07:06 PM | Unregistered: C:\WINDOWS\system32\wups.dll
    5:07:06 PM | Registered: C:\WINDOWS\system32\wups.dll
    5:07:06 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
    5:07:07 PM | Registered: C:\WINDOWS\system32\wups2.dll
    5:07:07 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
    5:07:07 PM | Registered: C:\WINDOWS\system32\wuweb.dll
    5:07:07 PM | Registered: C:\WINDOWS\system32\ole32.dll
    --- SSL/HTTPS/Cryptography ---
    5:07:24 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
    --- Registration: SSL/HTTPS/Cryptography ---
    5:07:31 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
    5:07:31 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll
    5:07:31 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll
    5:07:31 PM | Registered: C:\WINDOWS\system32\cryptui.dll
    5:07:31 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll
    5:07:32 PM | Registered: C:\WINDOWS\system32\cryptext.dll
    5:07:32 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll
    5:07:32 PM | Registered: C:\WINDOWS\system32\dssenh.dll
    5:07:32 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
    5:07:32 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll
    5:07:33 PM | Unregistered: C:\WINDOWS\system32\initpki.dll
    5:08:16 PM | Registered: C:\WINDOWS\system32\initpki.dll
    5:08:16 PM | Unregistered: C:\WINDOWS\system32\licdll.dll
    5:08:16 PM | Registered: C:\WINDOWS\system32\licdll.dll
    5:08:16 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll
    5:08:16 PM | Registered: C:\WINDOWS\system32\mssign32.dll
    5:08:16 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll
    5:08:16 PM | Registered: C:\WINDOWS\system32\mssip32.dll
    5:08:18 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll
    5:08:19 PM | Registered: C:\WINDOWS\system32\scardssp.dll
    5:08:19 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll
    5:08:19 PM | Registered: C:\WINDOWS\system32\sccbase.dll
    5:08:19 PM | Unregistered: C:\WINDOWS\system32\scecli.dll
    5:08:19 PM | Registered: C:\WINDOWS\system32\scecli.dll
    5:08:19 PM | Unregistered: C:\WINDOWS\system32\softpub.dll
    5:08:19 PM | Registered: C:\WINDOWS\system32\softpub.dll
    5:08:20 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
    5:08:20 PM | Registered: C:\WINDOWS\system32\slbcsp.dll
    5:08:21 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll
    5:08:21 PM | Registered: C:\WINDOWS\system32\regwizc.dll
    5:08:21 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
    5:08:21 PM | Registered: C:\WINDOWS\system32\rsaenh.dll
    5:08:21 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
    5:08:21 PM | Registered: C:\WINDOWS\system32\winhttp.dll
    5:08:21 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll
    5:08:21 PM | Registered: C:\WINDOWS\system32\wintrust.dll
    --- Registration: ActiveX controls/codecs ---
    5:08:23 PM | Registered: C:\WINDOWS\system32\acelpdec.ax
    5:08:23 PM | Registered: C:\WINDOWS\system32\actxprxy.dll
    5:08:23 PM | Registered: C:\WINDOWS\system32\asctrls.ocx
    5:08:23 PM | Registered: C:\WINDOWS\system32\daxctle.ocx
    5:08:24 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx
    5:08:24 PM | Registered: C:\WINDOWS\system32\l3codecx.ax
    5:08:24 PM | Registered: C:\WINDOWS\system32\licmgr10.dll
    5:08:24 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
    5:08:36 PM | Registered: C:\WINDOWS\system32\msdxm.ocx
    5:08:36 PM | Registered: C:\WINDOWS\system32\proctexe.ocx
    5:08:36 PM | Registered: C:\WINDOWS\system32\tdc.ocx
    5:08:36 PM | Registered: C:\WINDOWS\system32\wshom.ocx
    --- Registration: Control Panel applets ---
    5:08:36 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
    5:08:36 PM | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
    5:08:37 PM | Registered: C:\WINDOWS\system32\appwiz.cpl
    5:08:37 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
    5:08:37 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
    --- Registration: Direct[X|Draw|Show|Media] ---
    5:08:38 PM | Registered: C:\WINDOWS\system32\quartz.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\danim.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\dmscript.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\dmstyle.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\dxmasf.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\dxtrans.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\sbe.dll
    --- Registration: Programming cores/runtimes ---
    5:08:39 PM | Registered: C:\WINDOWS\system32\atl.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\corpol.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\jscript.dll
    5:08:39 PM | Registered: C:\WINDOWS\system32\dispex.dll
    5:08:40 PM | Registered: C:\WINDOWS\system32\scrrun.dll
    5:08:40 PM | Registered: C:\WINDOWS\system32\scrobj.dll
    5:08:40 PM | Registered: C:\WINDOWS\system32\vbscript.dll
    5:08:40 PM | Registered: C:\WINDOWS\system32\wshext.dll
    --- Registration: Explorer/IE/OE/shell/WMP ---
    5:08:40 PM | Registered: C:\WINDOWS\system32\activeds.dll
    5:08:41 PM | DllInstalled: C:\WINDOWS\system32\browseui.dll
    5:08:41 PM | Registered: C:\WINDOWS\system32\browseui.dll
    5:08:41 PM | Registered: C:\WINDOWS\system32\browsewm.dll
    5:08:41 PM | Registered: C:\WINDOWS\system32\cabview.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\cdfview.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\comcat.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\cscui.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\credui.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\datime.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\devmgr.dll
    5:08:42 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dmloader.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dmocx.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dmview.ocx
    5:08:43 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
    5:08:43 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dsquery.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
    5:08:43 PM | Registered: C:\WINDOWS\system32\els.dll
    5:08:44 PM | Registered: C:\WINDOWS\system32\es.dll
    5:08:44 PM | Registered: C:\WINDOWS\system32\fontext.dll
    5:08:44 PM | Registered: C:\WINDOWS\system32\hlink.dll
    5:08:44 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
    5:08:44 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
    5:08:44 PM | Registered: C:\WINDOWS\system32\iepeers.dll
    5:08:44 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    5:09:31 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
    5:09:34 PM | Registered: C:\WINDOWS\system32\ils.dll
    5:09:34 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    5:09:34 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
    5:09:35 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
    5:09:35 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    5:09:36 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
    5:09:36 PM | Registered: C:\WINDOWS\system32\laprxy.dll
    5:09:37 PM | Registered: C:\WINDOWS\system32\lmrt.dll
    5:09:37 PM | Registered: C:\WINDOWS\system32\mlang.dll
    5:09:38 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
    5:09:38 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
    5:09:38 PM | Registered: C:\WINDOWS\system32\mscoree.dll
    5:09:38 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18904
    5:09:39 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18904
    5:09:43 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
    5:09:44 PM | Registered: C:\WINDOWS\system32\msieftp.dll
    5:09:44 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
    5:09:44 PM | Registered: C:\WINDOWS\system32\msr2c.dll
    5:09:44 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    5:09:50 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
    5:09:50 PM | Registered: C:\WINDOWS\system32\mydocs.dll
    5:09:50 PM | Registered: C:\WINDOWS\system32\mstime.dll
    5:09:50 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
    5:09:51 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
    5:09:51 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
    5:09:51 PM | Registered: C:\WINDOWS\system32\netman.dll
    5:09:51 PM | Registered: C:\WINDOWS\system32\netshell.dll
    5:09:51 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
    5:09:51 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
    5:09:52 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
    5:09:52 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
    5:09:52 PM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18904
    5:09:57 PM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18904
    5:09:58 PM | Registered: C:\WINDOWS\system32\ole32.dll
    5:09:58 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
    5:09:58 PM | Registered: C:\WINDOWS\system32\oleacc.dll
    5:09:58 PM | Registered: C:\WINDOWS\system32\olepro32.dll
    5:09:58 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
    5:09:58 PM | Registered: C:\WINDOWS\system32\photowiz.dll
    5:09:58 PM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    5:09:59 PM | Registered: C:\WINDOWS\system32\remotepg.dll
    5:09:59 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
    5:09:59 PM | Registered: C:\WINDOWS\system32\rshx32.dll
    5:09:59 PM | Registered: C:\WINDOWS\system32\sendmail.dll
    5:09:59 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
    5:10:04 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
    5:10:05 PM | Registered: C:\WINDOWS\system32\shdocvw.dll
    5:10:05 PM | Registered: C:\WINDOWS\system32\shell32.dll
     
    Last edited: 2010/05/09
  13. 2010/05/09
    hessgar

    It has been running the DllInstalling shield32.dll for almost two hours now. Should I cancel out of dial-a-fix?
     
  14. 2010/05/09
    crunchie

    Yes, cancel out of it. Shouldn't take that long.

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  15. 2010/05/09
    hessgar

    Results of GooredFix.txt

    GooredFix by jpshortstuff (08.01.10.1)
    Log created at 19:26 on 09/05/2010 (Dell)
    Firefox version 3.6.3 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [23:38 07/05/2010]

    C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\ib12aaxi.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [23:43 07/05/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{B7082FAA-CB62-4872-9106-E42DD88EDE45} "= "C:\Program Files\McAfee\SiteAdvisor" [15:38 29/09/2008]
    "{ABDE892B-13A8-4d1b-88E6-365A6E755758} "= "C:\Program Files\Real\RealPlayer\browserrecord" [01:08 03/10/2008]
    "{20a82645-c095-46ed-80e3-08825760534b} "= "c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:27 29/01/2009]
    "{27182e60-b5f3-411c-b545-b44205977502} "= "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [10:56 09/01/2010]
    "jqs@sun.com "= "C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:54 28/12/2008]

    -=E.O.F=-
     
  16. 2010/05/09
    crunchie

    Delete any copies of combofix you have on your pc.

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  17. 2010/05/09
    hessgar

    I did not see a combo fix log, but after it ran I made another HJT log and it is attached.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:37:03 PM, on 5/9/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe "
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    --
    End of file - 11783 bytes
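
A triage pass over a HijackThis log like the one in the post above, as an added example that is not part of the original thread or of any tool named in it. The three checks (a byte-order mark in an O1 Hosts line, an O23 service with no company name, a service binary under C:\ComboFix) are review heuristics assumed here, not verdicts, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log from the post above, embedded so this runs offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# "Service: <name> - <owner> - <path>"; the owner field may be empty.
SERVICE_RE = re.compile(
    r"^Service:\s*(?P<name>.+?)\s+-\s+(?P<owner>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$")
# Byte-order marks as they appear once the bytes are shown as Windows-1252 text
# (UTF-16 LE, UTF-16 BE, UTF-8).
BOM_AS_CP1252 = ("\u00ff\u00fe", "\u00fe\u00ff", "\u00ef\u00bb\u00bf")


def parse_entries(text):
    """Return (section_code, body) for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def section_counts(text):
    """Count entries per HijackThis section code (R1, O2, O23, ...)."""
    return Counter(code for code, _ in parse_entries(text))


def triage(text):
    """Return (section_code, reason, body) for entries worth a manual look."""
    findings = []
    for code, body in parse_entries(text):
        if code == "O1" and body.startswith("Hosts:"):
            value = body[len("Hosts:"):].strip()
            # A BOM here means the hosts file was saved as Unicode text.
            if value.startswith(BOM_AS_CP1252):
                findings.append((code, "hosts file starts with a byte-order mark", body))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                findings.append((code, "unparseable service line", body))
                continue
            if m.group("owner") in ("", "Unknown owner"):
                findings.append((code, "no company name reported", body))
            # Assumption: a service binary under C:\ComboFix is a leftover of a tool run.
            if m.group("path").lower().startswith("c:\\combofix\\"):
                findings.append((code, "service binary under C:\\ComboFix", body))
    return findings


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
```
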
     
  18. 2010/05/09
    crunchie

    Combofix log will be found in C:\qoobox.
     
  19. 2010/05/09
    hessgar

    No log in that directory but there is a .log file in C:\Qoobox\Quarantine called catchme.log and it has in it:


    -------- 2010-04-27 - 18:14:31 -------------


    -------- 2010-05-05 - 22:00:55 -------------


    -------- 2010-05-05 - 22:02:33 -------------


    -------- 2010-05-09 - 20:25:50 -------------
     
  20. 2010/05/09
    crunchie

    Can you find it here: C:\ComboFix.txt? Obviously directly on your C drive.
    If not, try doing a search for combofix.txt
     
  21. 2010/05/09
    hessgar

    I could not find combofix.txt. Did combo fix not complete its run? Could the existence of C:\Qoobox being generated on May 5th have had an issue? What is the proper way to ensure that combo fix was deleted correctly the last time it was installed?
     
