
Solved Malware infection?

Discussion in 'Malware and Virus Removal Archive' started by llsshopping, 2010/08/11.

  1. 2010/08/11
    llsshopping

    [Resolved] Malware infection?

    My PC has become infected. While using the internet, we recently received a pop-up claiming we had been infected. I then ran Malwarebytes and it found 8 items. I removed them, but I am now concerned there may still be an issue and would like to be sure. Below are the requested logs as well as the Malwarebytes log.

    Thank you in advance.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Lance at 19:51:25.26 on Wed 08/11/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2458 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r211990\stacsv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\DRIVERS\o2flash.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\OEM13Mon.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Lance\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    mStart Page = hxxp://www.dell.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243640575500
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lance\applic~1\mozilla\firefox\profiles\kq3smm6q.default\
    FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USSMB/1
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\lance\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-14 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-10-14 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-14 144704]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-24 112512]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-14 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-14 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-14 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-14 40552]
    R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-5-24 51616]
    R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-5-24 41760]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-5-24 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-5-24 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-5-24 235840]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-14 34248]

    =============== Created Last 30 ================

    2010-08-11 01:45:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-11 01:45:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-11 01:45:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-17 01:03:13 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2010-07-15 19:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2009-05-24 13:50:46 75 --sh--r- c:\windows\CT4CET.bin

    ============= FINISH: 19:52:04.25 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/29/2009 6:32:50 PM
    System Uptime: 8/11/2010 7:15:13 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0P993J
    Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz | U2E1 | 2094/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 217.815 GiB free.
    D: is CDROM (CDFS)
    E: is NetworkDisk (NTFS) - 149 GiB total, 5.374 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\A000B0000010
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\A000B0000010
    Service: NIC1394

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C7200 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C6200 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Photosmart C6200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 2600n
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 2600n
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4240
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4240
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4250
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4250
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4250
    Device ID: ROOT\MULTIFUNCTION\0005
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4250
    PNP Device ID: ROOT\MULTIFUNCTION\0005
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 4050 Series
    Device ID: ROOT\MULTIFUNCTION\0006
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4050 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0006
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C7200 series
    Device ID: ROOT\MULTIFUNCTION\0007
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0007
    Service:

    ==== System Restore Points ===================

    RP15: 5/14/2010 6:39:20 PM - System Checkpoint
    RP16: 5/15/2010 3:04:23 PM - Software Distribution Service 3.0
    RP17: 5/16/2010 3:38:09 PM - System Checkpoint
    RP18: 5/17/2010 3:39:29 PM - System Checkpoint
    RP19: 5/18/2010 4:39:29 PM - System Checkpoint
    RP20: 5/19/2010 5:39:28 PM - System Checkpoint
    RP21: 5/20/2010 6:39:28 PM - System Checkpoint
    RP22: 5/21/2010 6:58:49 PM - System Checkpoint
    RP23: 5/23/2010 3:07:57 PM - System Checkpoint
    RP24: 5/24/2010 3:48:25 PM - System Checkpoint
    RP25: 5/25/2010 4:48:29 PM - System Checkpoint
    RP26: 5/25/2010 7:25:55 PM - Software Distribution Service 3.0
    RP27: 5/26/2010 7:48:27 PM - System Checkpoint
    RP28: 5/28/2010 11:51:42 AM - System Checkpoint
    RP29: 6/4/2010 10:37:48 PM - System Checkpoint
    RP30: 6/6/2010 4:25:02 PM - System Checkpoint
    RP31: 6/8/2010 10:25:31 PM - System Checkpoint
    RP32: 6/14/2010 10:28:30 PM - Software Distribution Service 3.0
    RP33: 6/25/2010 3:27:40 PM - System Checkpoint
    RP34: 6/27/2010 11:21:15 AM - System Checkpoint
    RP35: 7/16/2010 9:04:36 PM - Software Distribution Service 3.0
    RP36: 7/21/2010 10:00:16 PM - System Checkpoint
    RP37: 7/23/2010 10:12:00 PM - System Checkpoint
    RP38: 7/25/2010 12:18:06 AM - System Checkpoint
    RP39: 7/26/2010 12:59:29 AM - System Checkpoint
    RP40: 7/28/2010 7:03:46 PM - System Checkpoint
    RP41: 8/1/2010 5:01:30 PM - System Checkpoint
    RP42: 8/8/2010 7:41:01 PM - System Checkpoint
    RP43: 8/10/2010 9:44:09 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AIO_Scan
    Choice Guard
    Coupon Printer for Windows
    Dell Support Center
    Dell Touchpad
    Dell Video Chat
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    Fax
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photosmart All-In-One Software 9.0
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Laptop Integrated Webcam Driver (1.01.01.0529)
    LG USB Modem driver
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Move Media Player
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB927977)
    NetDeviceManager
    Picasa 3
    PowerDVD DX
    PS_AIO_02_Software_min
    RealPlayer
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Sonic CinePlayer Decoder Pack
    Spelling Dictionaries Support For Adobe Reader 9
    Toolbox
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Presentation Foundation
    Windows Search 4.0
    WinZip 14.0
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    8/4/2010 9:33:01 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/4/2010 11:26:30 AM, error: PSched [14103] - QoS [Adapter {26599C6E-039C-47FE-99A1-3A763A960524}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
    8/4/2010 1:14:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 00225FA31F2A has been denied by the DHCP server 10.200.128.5 (The DHCP Server sent a DHCPNACK message).
    8/11/2010 6:24:45 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    8/11/2010 6:15:30 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    ==== End Of File ===========================


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4417

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    8/11/2010 6:22:24 PM
    mbam-log-2010-08-11 (18-22-24).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 202855
    Time elapsed: 35 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\73B97C36d01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\608615E4d01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\29A32D9Cd01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\2BC6C54Bd01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\93A8B72Ed01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\93F30F45d01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\E65E8F6Fd01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\5DD1D8C7d01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\D119F728d01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\A99853A3d01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\F89EFBACd01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\6E35E21Ad01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\7094A0A3d01 (Rogue.MySecurityShield) -> No action taken.
    C:\Documents and Settings\Lisa\Local Settings\Application Data\Mozilla\Firefox\Profiles\v0tp21g1.default\Cache\2E4D9B4Bd01 (Rogue.MySecurityShield) -> No action taken.
     
  2. 2010/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your log says "No action taken" after each line.
    Re-run "Quick scan" and fix all issues this time around.
    Post new log.

    Then...


    STEP 1. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 2. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
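    The point broni makes above is the one thing to read off an MBAM log before anything else: every detection line ends with the action the scanner took, and "No action taken" means the object is still on disk. The following is an added example for this thread, not Malwarebytes' or WindowsBBS's code. It parses a log in the MBAM 1.x layout posted above, cross-checks the header counts against the listed entries, and flags detections that were not actually removed. SAMPLE_LOG is constructed in that layout; its paths, profile name and detection names are illustrative.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log the way a helper does by eye:
is every detection actually removed, or does the log only record what was found?

Added example for this thread, not Malwarebytes' or WindowsBBS's code. SAMPLE_LOG is
constructed in the layout of the log posted above; its paths, profile name and
detection names are illustrative.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4417

Scan type: Full scan (C:\\|)
Objects scanned: 202855

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\\Documents and Settings\\user\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\abcd1234.default\\Cache\\73B97C36d01 (Rogue.MySecurityShield) -> No action taken.
C:\\Documents and Settings\\user\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\abcd1234.default\\Cache\\608615E4d01 (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\example.dll (Trojan.Agent) -> Delete on reboot.
"""

# Summary lines such as "Files Infected: 14" (the later "Files Infected:" section header has no number)
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# Detection lines: "<path> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Actions that leave the object on disk until something else happens
PENDING = ("No action taken", "Delete on reboot")


def parse_mbam_log(text):
    """Return header counts, every detection entry, and the ones still pending."""
    counts, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()          # forum posts indent the log; the format does not
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("n"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return {
        "reported": sum(counts.values()),
        "listed": len(entries),
        "entries": entries,
        "by_action": dict(Counter(e["action"] for e in entries)),
        "pending": [e for e in entries if e["action"].startswith(PENDING)],
        "families": sorted({e["family"] for e in entries}),
    }


def verdict(result):
    """One-line triage outcome: clean, rerun needed, inconsistent, or remediated."""
    if result["reported"] == 0 and not result["entries"]:
        return "clean"
    if result["pending"]:
        return "rerun: %d of %d detections not removed" % (len(result["pending"]), result["listed"])
    if result["reported"] != result["listed"]:
        return "inconsistent: headers report %d, %d entries listed" % (result["reported"], result["listed"])
    return "remediated"


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print(verdict(r), r["by_action"], r["families"])
```

    "Delete on reboot" is treated as pending on purpose: until the machine has restarted and a fresh scan comes back empty, the file is still there, which is why a helper asks for a new log rather than trusting the one that lists the removal.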

  4. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    Thank you for your help. I will follow through to the end. Here is the MBR Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 145):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xB9F23000 dmio.sys
    0xBA328000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA0C8000 VolSnap.sys
    0xB9E49000 iaStor.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9E29000 fltMgr.sys
    0xB9E17000 sr.sys
    0xBA5AC000 DLACDBHM.SYS
    0xB9E00000 DRVMCDB.SYS
    0xBA0F8000 PxHelp20.sys
    0xB9DE9000 KSecDD.sys
    0xB9D5C000 Ntfs.sys
    0xB9D2F000 NDIS.sys
    0xBA108000 ohci1394.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9D15000 Mup.sys
    0xB8AB5000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB8AA1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA388000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8A7D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA390000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8A55000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8A37000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xB88FC000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\o2sdg.sys
    0xB88E4000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0xBA208000 \SystemRoot\system32\DRIVERS\o2mdg.sys
    0xB9CE5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA398000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB88B0000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB8835000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xBA3A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8812000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA747000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB92EE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9CB4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB84CF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB92DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB841E000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA3F0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB83EE000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8390000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9C9C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xA721E000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA67CF000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA61A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA072F000 \SystemRoot\system32\drivers\sthda.sys
    0xA070B000 \SystemRoot\system32\drivers\portcls.sys
    0xA1403000 \SystemRoot\system32\drivers\drmk.sys
    0xA06EF000 \SystemRoot\system32\drivers\AESTAud.sys
    0xA06CC000 \??\C:\WINDOWS\system32\Drivers\OEM13Afx.sys
    0xA1B8E000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA626000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA10E1000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA628000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA1D7B000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xA17B5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA17AD000 \SystemRoot\System32\drivers\vga.sys
    0xBA62A000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA62C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA17A5000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA179D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA1B82000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA0671000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA0618000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA05F1000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xA05CB000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA13F3000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xA05A3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA0581000 \SystemRoot\System32\drivers\afd.sys
    0xA13E3000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA0556000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA04E6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA04B3000 \SystemRoot\system32\drivers\mfehidk.sys
    0xA13D3000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA1795000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA0D7B000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA78D2000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA0D6B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA0479000 \SystemRoot\system32\DRIVERS\OEM13Vid.sys
    0xBA60A000 \SystemRoot\system32\DRIVERS\OEM13Vfx.sys
    0xA78CE000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA039F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA06BC000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA177D000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA5421000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF058000 \SystemRoot\System32\igxpdv32.DLL
    0xA0902000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA5450000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA789000 \SystemRoot\System32\Drivers\DLADResM.SYS
    0xA0346000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
    0xBA348000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
    0xBA590000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
    0xBA350000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
    0xBA358000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
    0xA0330000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
    0xA0319000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
    0xA243B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA0264000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA2653000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA01C1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA011A000 \SystemRoot\system32\DRIVERS\srv.sys
    0x9FA43000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA0CA7000 \SystemRoot\system32\drivers\mfebopk.sys
    0x9F591000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x9F7F3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xBA188000 \SystemRoot\system32\drivers\mfesmfk.sys
    0xBFF50000 \SystemRoot\System32\TSDDD.dll
    0xBA3A8000 \SystemRoot\system32\drivers\mferkdk.sys
    0x9E1BB000 \SystemRoot\system32\drivers\kmixer.sys
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF296000 \SystemRoot\System32\igxpdx32.DLL
    0xBA66A000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    472 C:\WINDOWS\system32\smss.exe
    520 csrss.exe
    592 C:\WINDOWS\system32\winlogon.exe
    940 C:\WINDOWS\system32\services.exe
    952 C:\WINDOWS\system32\lsass.exe
    1152 C:\WINDOWS\system32\svchost.exe
    1220 svchost.exe
    1260 C:\WINDOWS\system32\svchost.exe
    1380 svchost.exe
    1408 svchost.exe
    1548 C:\WINDOWS\system32\WLTRYSVC.EXE
    1604 C:\WINDOWS\system32\BCMWLTRY.EXE
    1680 C:\WINDOWS\system32\spoolsv.exe
    1724 C:\drivers\audio\R211990\stacsv.exe
    1820 svchost.exe
    1884 C:\WINDOWS\system32\svchost.exe
    1908 C:\Program Files\Java\jre6\bin\jqs.exe
    1940 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    1972 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    2000 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    2020 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    2044 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    496 C:\Program Files\McAfee\MPF\MpfSrv.exe
    744 C:\WINDOWS\system32\drivers\o2flash.exe
    900 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1184 C:\WINDOWS\system32\svchost.exe
    2156 explorer.exe
    2680 alg.exe
    2696 mcagent.exe
    3012 Apoint.exe
    3020 AESTFltr.exe
    3028 hkcmd.exe
    3052 OEM13Mon.exe
    3072 DellWMgr.exe
    3084 WLTRAY.EXE
    3136 PDVDDXSrv.exe
    3220 ApMsgFwd.exe
    3284 ISUSPM.exe
    3316 hidfind.exe
    3328 ApntEx.exe
    1520 C:\WINDOWS\system32\svchost.exe
    3852 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    728 csrss.exe
    2292 C:\WINDOWS\system32\winlogon.exe
    1168 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    3648 C:\WINDOWS\explorer.exe
    300 C:\Program Files\DellTPad\Apoint.exe
    2716 C:\WINDOWS\system32\AESTFltr.exe
    3972 C:\WINDOWS\system32\hkcmd.exe
    3756 C:\WINDOWS\OEM13Mon.exe
    2880 C:\WINDOWS\system32\WLTRAY.EXE
    2872 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    920 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    848 C:\Program Files\DellTPad\ApMsgFwd.exe
    2868 C:\Program Files\DellTPad\hidfind.exe
    2508 C:\Program Files\DellTPad\ApntEx.exe
    5628 C:\WINDOWS\system32\wuauclt.exe
    4904 wuauclt.exe
    3116 C:\Program Files\Mozilla Firefox\firefox.exe
    5084 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2092 C:\Documents and Settings\Lance\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BJKT-75F4T0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
     
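    The MBRCheck report above reduces to three checks on the first sector of PhysicalDrive0: the partition table parses and points at the Windows volume, the boot code hashes to a known vendor value (here labelled "Dell Inspiron MBR code"), and the result is printed so a helper can compare it. The following is an added example for this thread, not MBRCheck's own code, and it does not contain MBRCheck's database of vendor hashes; the sample sector is constructed (filler boot code plus one bootable NTFS partition) and its baseline entry is simply the hash of that constructed sector. Hashing only the boot-code bytes is this example's own design choice, so that the per-disk signature and partition table do not change the hash; whether MBRCheck scopes its SHA1 the same way is not stated on this page.

```python
"""Structural and hash checks on a 512-byte MBR, mirroring what the MBRCheck
report above summarises (partition layout, boot code hash, known-good match).

Added example for this thread; not MBRCheck's code and not carrying its
database of vendor boot-code hashes. The sample sector is constructed.
"""
import hashlib
import struct

SECTOR = 512
CODE_END = 440                      # bytes 0x000..0x1B7: boot code only
PARTITION_TABLE = 446               # four 16-byte entries at 0x1BE..0x1FD
BOOT_SIGNATURE = b"\x55\xaa"        # last two bytes of a valid MBR
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr():
    """Construct a plausible MBR (constructed data, not a dump of any real disk)."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (CODE_END - 7)
    disk_sig = b"\xde\xad\xbe\xef\x00\x00"   # per-disk signature + 2 reserved bytes, 0x1B8..0x1BD
    ntfs = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 488000000)
    table = ntfs + b"\x00" * (16 * 3)
    return boot_code + disk_sig + table + BOOT_SIGNATURE


def parse_partitions(mbr):
    """Decode the four primary partition entries, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        off = PARTITION_TABLE + 16 * i
        status, _, ptype, _, lba, count = ENTRY.unpack(mbr[off:off + 16])
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def boot_code_sha1(mbr):
    """SHA1 of the boot code only, so the per-disk signature and the partition
    table do not change it and one baseline can cover many machines of one model."""
    return hashlib.sha1(mbr[:CODE_END]).hexdigest().upper()


def check_mbr(mbr, known_good):
    """Return the hash, the baseline label it matched (or None), the partitions and
    a list of findings; an empty findings list means nothing looked wrong."""
    findings = []
    if len(mbr) != SECTOR:
        findings.append("sector is %d bytes, expected %d" % (len(mbr), SECTOR))
    if mbr[-2:] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr) if len(mbr) == SECTOR else []
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d bootable partitions, expected 1" % len(bootable))
    if mbr[:CODE_END] == b"\x00" * CODE_END:
        findings.append("boot code region is all zero")
    digest = boot_code_sha1(mbr)
    label = known_good.get(digest)
    if label is None:
        findings.append("boot code SHA1 %s not in baseline" % digest)
    return {"sha1": digest, "baseline": label, "partitions": parts, "findings": findings}


SAMPLE_MBR = build_sample_mbr()
# Baseline keyed like MBRCheck's report (SHA1 -> label); this entry is the constructed sector's own hash.
SAMPLE_BASELINE = {boot_code_sha1(SAMPLE_MBR): "constructed baseline"}


def tampered_sample():
    """Same sector with one boot-code byte flipped: the partition table still parses
    identically and only the hash check notices, which is the bootkit case."""
    sector = bytearray(SAMPLE_MBR)
    sector[0] ^= 0xFF
    return bytes(sector)


if __name__ == "__main__":
    for name, sector in (("sample", SAMPLE_MBR), ("tampered", tampered_sample())):
        result = check_mbr(sector, SAMPLE_BASELINE)
        print(name, result["sha1"], result["baseline"], result["findings"])
```

    On a live system the 512 bytes would come from reading the start of \\.\PhysicalDrive0 with administrator rights; a known-good baseline is a hash taken from the same model before the incident or supplied by the vendor, and a mismatch with an otherwise sane partition table is the pattern worth escalating.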
  5. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  6. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    I am unsure what you mean.
     
  7. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Mbam....
     
  8. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ...and GMER...
     
  9. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    I am sorry, in my message I had indicated the problem. I realize you must get several and would not remember mine. I have tried to run it several times, but it keeps going to the blue screen.
     
  10. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine, sorry for that, but I still need a new MBAM log indicating that all issues have been fixed.
     
  11. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    Sorry.

    The last log I have is old. I will rerun and post. By the way, each time I post here, I am directed to an ad requesting me to scan my PC and the page never finishes reloading.
     
    Last edited: 2010/08/20
  12. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool, thanks :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4455

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    8/20/2010 11:37:54 PM
    mbam-log-2010-08-20 (23-37-54).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 203792
    Time elapsed: 30 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  14. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, continue with Combofix.
     
  15. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    ComboFix 10-08-19.02 - Lance 08/21/2010 0:01.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2471 [GMT -4:00]
    Running from: c:\documents and settings\Lance\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\st326147.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
    .

    2010-08-14 11:56 . 2010-08-14 11:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-08-11 01:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-11 01:45 . 2010-08-11 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-11 01:45 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-20 22:20 . 2009-05-24 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-08-11 09:39 . 2009-10-15 00:07 -------- d-----w- c:\program files\McAfee
    2010-07-15 19:18 . 2009-10-15 00:07 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-06-30 12:31 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:10 . 2008-04-25 16:16 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:10 . 2008-04-25 16:16 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 02:14 . 2008-04-25 16:16 1861120 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2008-04-25 16:16 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2008-04-25 16:16 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2009-05-24 13:50 . 2009-05-24 13:50 75 --sh--r- c:\windows\CT4CET.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-22 178712]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2009-01-19 36864]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WSearch"=2 (0x2)
    "ERSvc"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/14/2009 8:09 PM 93320]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/24/2009 12:41 PM 112512]
    R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [5/24/2009 12:41 PM 51616]
    R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [5/24/2009 12:41 PM 41760]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [5/24/2009 12:41 PM 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [5/24/2009 12:41 PM 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [5/24/2009 12:41 PM 235840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-15 16:22]

    2009-11-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-15 16:22]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.dell.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Lance\Application Data\Mozilla\Firefox\Profiles\kq3smm6q.default\
    FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USSMB/1
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Lance\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-21 00:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(544)
    c:\windows\System32\BCMLogon.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2010-08-21 00:05:44
    ComboFix-quarantined-files.txt 2010-08-21 04:05
    ComboFix2.txt 2010-03-22 23:21

    Pre-Run: 233,312,505,856 bytes free
    Post-Run: 233,695,387,648 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 5002AB17692CCBAE6F4B7E0FFEEFFEF1
     
  16. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Combofix log looks clean now....

    Any current issues?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
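The helper reads the OTL.txt that comes back by eye. As an added example, not part of this thread and not code from OTL or its author, the Python below parses the line shapes OTL writes (the PRC/MOD/SRV/DRV sections, O4 Run keys and the file lists, as in the log posted next) and pulls out the entries a helper checks first. The sample lines are constructed in OTL's format; the user name `User`, `updater.exe` and its path are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Line shapes OTL writes (PRC/MOD/SRV/DRV sections, O4 Run keys, file lists):
#   PRC - [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
#   SRV - [stamp] (McAfee, Inc.) [Auto | Running] -- C:\...\mcmscsvc.exe -- (mcmscsvc)
#   DRV - File not found [Kernel | On_Demand | Running] -- C:\...\catchme.sys -- (catchme)
#   O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
#   [2010/08/20 23:48:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
# "()" means the binary carried no company name. A company string can itself contain
# parentheses, hence the lazy match with a lookahead for what must follow it.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)(?= \[| --)|(?P<missing>File not found)) "
    r"(?:\[(?P<flags>[^\]]*)\] )?-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Company names never contain a backslash, so "[^\\]*" keeps "(x86)" inside the path.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^\\]*)\)$"
)
FILE_RE = re.compile(r"^\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\) -- (?P<path>.+)$")

# Autoruns (services, drivers, Run keys) loading from user-writable locations, and
# unnamed binaries under Windows or Program Files, are what a helper looks at first.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\application data\\",
                 "\\docume~1\\", "\\locals~1\\")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")


@dataclass
class Entry:
    kind: str                      # PRC, MOD, SRV, DRV, O4 or FILE
    path: str
    company: str                   # "" when OTL printed "()"
    flags: Tuple[str, ...] = ()    # e.g. ("Kernel", "On_Demand", "Running"); hive for O4
    missing: bool = False          # OTL reported "File not found"
    name: str = ""                 # service/driver name or Run value name


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL.txt line; returns None for lines of any other shape."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        flags = tuple(f.strip() for f in (m.group("flags") or "").split("|") if f.strip())
        return Entry(m.group("kind"), m.group("path"), m.group("company") or "",
                     flags, m.group("missing") is not None, m.group("name") or "")
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m.group("path"), m.group("company"),
                     (m.group("hive"),), False, m.group("name"))
    m = FILE_RE.match(line)
    if m:
        return Entry("FILE", m.group("path"), m.group("company"))
    return None


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (rule, path) leads in log order. Leads are to be verified, not deleted."""
    leads: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        p = e.path.lower()
        # Image gone from disk yet still Running: a scanner's transient driver looks
        # like this, but so does a rootkit component that was deleted on disk.
        if e.kind in ("SRV", "DRV") and e.missing and "Running" in e.flags:
            leads.append(("missing-but-running", e.path))
        if e.kind in ("SRV", "DRV", "O4") and any(s in p for s in USER_WRITABLE):
            leads.append(("runs-from-user-writable-path", e.path))
        if (e.kind != "MOD" and e.company == ""
                and p.startswith(SYSTEM_DIRS) and p.endswith(BINARY_EXT)):
            leads.append(("no-company-name", e.path))
    return leads


# Constructed sample in OTL's format (user name, updater.exe and its path are hypothetical).
SAMPLE_OTL = r"""
PRC - [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKCU..\Run: [updater] C:\Documents and Settings\User\Application Data\updater.exe ()
[2010/08/20 23:48:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
"""

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_OTL.splitlines()):
        print(f"{rule:30} {path}")
```

On this thread's own log the same rules would flag catchme.sys, which is the leftover of the catchme rootkit scan ComboFix ran, and PEV.exe, sed.exe, grep.exe and zip.exe, which ComboFix dropped at the same second as its SWREG.exe and NIRCMD.exe helpers. The output is a list of things to verify against known-tool artifacts, not a verdict.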
  17. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    OTL logfile created on: 8/21/2010 12:23:52 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Lance\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.85 Gb Total Space | 217.71 Gb Free Space | 93.50% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 149.04 Gb Total Space | 1.13 Gb Free Space | 0.76% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Lance
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/03/31 18:26:12 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2009/03/31 18:25:54 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2009/03/31 18:25:50 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2009/02/22 19:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R211990\stacsv.exe
    PRC - [2009/02/22 19:49:28 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/01/18 21:27:18 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM13Mon.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/02/22 19:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R211990\stacsv.exe -- (STacSV)
    SRV - [2009/01/21 15:10:44 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Lance\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/03/31 18:25:48 | 000,196,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/02/22 19:49:38 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/02/22 19:49:26 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/02/02 19:41:22 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/01/21 23:27:22 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/01/21 15:10:48 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
    DRV - [2009/01/21 15:10:46 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
    DRV - [2009/01/19 15:41:16 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/01/18 21:27:28 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
    DRV - [2009/01/18 21:27:24 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
    DRV - [2009/01/18 21:27:10 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
    DRV - [2008/12/11 21:37:58 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://g.msn.com/USSMB/1 "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/01 17:56:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 07:56:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/08 17:08:01 | 000,000,000 | ---D | M]

    [2009/11/18 21:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Mozilla\Extensions
    [2010/08/20 15:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Mozilla\Firefox\Profiles\kq3smm6q.default\extensions
    [2010/05/15 15:02:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lance\Application Data\Mozilla\Firefox\Profiles\kq3smm6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/20 15:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/02 21:26:38 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2010/08/02 13:59:56 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2010/08/21 00:04:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243640575500 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Lance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/21 00:19:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    [2010/08/21 00:01:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/20 23:48:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/20 23:48:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/20 23:48:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/20 23:48:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/20 23:48:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/14 07:55:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/08/10 21:45:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/10 21:45:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/10 21:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 90 Days ==========

    [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    [2010/08/21 00:08:38 | 000,013,653 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/08/21 00:05:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/21 00:04:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/21 00:04:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/21 00:01:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/20 21:40:10 | 000,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/20 21:40:10 | 000,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/20 21:40:10 | 000,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/20 21:35:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/20 21:35:57 | 3180,212,224 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/20 18:21:00 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/20 18:20:07 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Lance\NTUSER.DAT
    [2010/08/20 18:19:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lance\ntuser.ini
    [2010/08/20 18:09:50 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Lance\Desktop\Mom'sMassCards.xls
    [2010/08/20 15:03:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/20 15:02:54 | 000,000,605 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/14 00:36:22 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Lance\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/08/13 15:27:33 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/07/17 21:22:15 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
    [2010/06/21 13:40:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/15 01:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

    ========== Files Created - No Company Name ==========

    [2010/08/20 23:48:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/20 23:48:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/20 23:48:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/20 23:48:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/20 23:48:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/20 18:09:49 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Lance\Desktop\Mom'sMassCards.xls
    [2010/08/14 12:45:06 | 3180,212,224 | -HS- | C] () -- C:\hiberfil.sys
    [2009/10/31 19:51:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/09/26 21:38:10 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Lance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/29 22:48:59 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/05/29 19:39:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/05/24 12:41:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
    [2009/05/24 12:40:19 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/05/24 09:57:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/05/24 09:51:46 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/05/24 09:50:53 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/05/24 09:50:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/05/24 09:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/01/16 23:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/03/02 21:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\E-centives
    [2009/08/31 14:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\ICAClient
    [2009/05/24 09:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Windows Desktop Search
    [2009/05/30 16:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Windows Search
    [2010/06/15 01:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2009/11/01 01:01:12 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/22 19:14:13 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/08/21 00:01:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/21 00:05:44 | 000,012,289 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/05/24 12:42:13 | 000,003,960 | RH-- | M] () -- C:\dell.sdr
    [2010/08/20 21:35:57 | 3180,212,224 | -HS- | M] () -- C:\hiberfil.sys
    [2007/05/02 20:03:15 | 000,267,864 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/20 21:35:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/15 15:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/04/25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/04/25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/04/25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 08:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 08:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  18. 2010/08/20
    llsshopping

    llsshopping Inactive Thread Starter

    Joined:
    2009/12/22
    Messages:
    92
    Likes Received:
    0
    OTL Extras logfile created on: 8/21/2010 12:23:52 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Lance\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.85 Gb Total Space | 217.71 Gb Free Space | 93.50% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 149.04 Gb Total Space | 1.13 Gb Free Space | 0.76% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Lance
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E8DD348-4174-4fe8-8FDC-238AAFBD2488}" = HP Photosmart All-In-One Software 9.0
    "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSC" = McAfee SecurityCenter
    "Picasa 3" = Picasa 3
    "RealPlayer 6.0" = RealPlayer
    "Tweak UI 2.10" = Tweak UI
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/3/2010 8:05:36 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 4/3/2010 8:05:36 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 4/3/2010 8:05:36 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 4/9/2010 11:32:08 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application IEXPLORE.EXE, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/10/2010 10:36:18 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 4/10/2010 10:36:18 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 4/10/2010 10:36:18 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 4/10/2010 10:36:18 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 4/10/2010 10:36:18 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 4/10/2010 10:36:18 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 8/12/2010 10:05:08 AM | Computer Name = LAPTOP | Source = PSched | ID = 14103
    Description = QoS [Adapter {26599C6E-039C-47FE-99A1-3A763A960524}]: The netcard driver
    failed the query for OID_GEN_LINK_SPEED.

    Error - 8/12/2010 10:40:16 AM | Computer Name = LAPTOP | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.

    Error - 8/12/2010 10:59:56 AM | Computer Name = LAPTOP | Source = PSched | ID = 14103
    Description = QoS [Adapter {26599C6E-039C-47FE-99A1-3A763A960524}]: The netcard driver
    failed the query for OID_GEN_LINK_SPEED.

    Error - 8/20/2010 2:52:29 PM | Computer Name = LAPTOP | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.5 on
    the Network Card with network address 00225FA31F2A.

    Error - 8/20/2010 6:31:09 PM | Computer Name = LAPTOP | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.

    Error - 8/20/2010 11:02:02 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 8/20/2010 11:02:24 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 8/20/2010 11:02:39 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 8/20/2010 11:49:26 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

    Error - 8/21/2010 12:01:38 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >


    The PC seems to be working better.
     
    Last edited: 2010/08/20
  19. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
       "EnableFirewall" =dword:00000001
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
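    The :Reg part of the OTL fix above targets three settings that the Extras log reported: the two McAfee "DisableMonitoring" = 1 values under Security Center\Monitoring and "EnableFirewall" = 0 on the firewall's StandardProfile. The following is an added example, not code from the thread or from OTL, that parses the "Security Center Settings" section of an OTL Extras log and lists exactly those settings for review. The sample log text is constructed in the shape of the log posted above; the function and variable names are this example's own. Note the caveat a reviewer would apply: a third-party suite that handles its own alerting legitimately sets DisableMonitoring for its products, and the Windows firewall is normally off when a third-party firewall is active, so each hit is something to verify against the installed security software, not proof of tampering.

```python
"""Parse the 'Security Center Settings' section of an OTL Extras log and
list the settings that suppress Security Center alerts or disable the
Windows firewall. Added example; not part of OTL or of this thread."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the OTL Extras log posted above.
SAMPLE_LOG = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========
"""

# OTL prints a registry key as [HKEY_...] and each value as "Name" = Data.
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')

def parse_security_center(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: data}} for the Security Center section only."""
    settings: Dict[str, Dict[str, str]] = {}
    in_section = False
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('=========='):
            # Section banner: stay inside only while we are in the wanted section.
            in_section = 'Security Center Settings' in line
            current = None
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            settings.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            settings[current][m.group('name')] = m.group('data').strip()
    return settings

def audit(settings: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (key, reason) pairs for settings a reviewer should check."""
    findings: List[Tuple[str, str]] = []
    for key, values in settings.items():
        # A product key under Monitoring with DisableMonitoring=1 stops
        # Security Center from watching (and alerting on) that product.
        if '\\Security Center\\Monitoring\\' in key and values.get('DisableMonitoring') == '1':
            findings.append((key, 'Security Center monitoring disabled for this product'))
        # EnableFirewall=0 on the standard profile means the Windows firewall is off.
        if key.endswith('\\FirewallPolicy\\StandardProfile') and values.get('EnableFirewall') == '0':
            findings.append((key, 'Windows Firewall disabled on the standard profile'))
        # The *DisableNotify values silence the Security Center balloon alerts.
        if key.endswith('\\Security Center'):
            for name in ('AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'):
                if values.get(name) == '1':
                    findings.append((key, f'{name} = 1: Security Center alerts suppressed'))
    return findings

if __name__ == '__main__':
    for key, reason in audit(parse_security_center(SAMPLE_LOG)):
        print(f'{reason}\n    {key}')
```

Run it against the text of a saved Extras log instead of SAMPLE_LOG to get the same three items the OTL fix above addresses; if the list comes back empty after the fix has run, the :Reg changes took effect.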
     
  20. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
       "EnableFirewall" =dword:00000001
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
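The OTL reports in this thread are read by eye, line by line. Below is an added Python example (not part of this thread, and not code from OTL or from any of the tools named above) that does the first pass mechanically: it pulls out the SRV/DRV lines whose file is missing or that load from a Temp directory, any hosts entry beyond the default localhost line, Run-key entries with no company name, and the Winlogon Shell and exefile handlers. The two log excerpts inside it are constructed in the OTL line format; the first mirrors entries from the report posted in this thread, the second is made up to show the checks firing. A flagged line is a lead, not a verdict: catchme, for instance, is the driver GMER and ComboFix load, and the ComboFix.txt and Qoobox entries in the same report show ComboFix had just been run.

```python
"""First-pass triage of an OTL (OldTimer) report.  Added example: not part of
this thread and not code from OTL or any removal tool.  Every hit is a lead to
look at, not a verdict."""
import re
from dataclasses import dataclass, field

# SRV/DRV: "<kind> - <file info or 'File not found'> [Type | Start | State] -- <path> -- (<name>)"
SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - (?P<info>.*?) \[(?P<state>[^\]]+)\] -- "
                        r"(?P<path>.+?) -- \((?P<name>[^)]+)\)\s*$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<entry>.+?)\s*$")
# O4: "O4 - HKLM..\Run: [name] <command> (<company>)"; an empty "()" means no company name
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?) "
                    r"\((?P<company>[^)]*)\)\s*$")
SHELL_RE = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]+)\)")
EXEFILE_RE = re.compile(r"^O35 - HKLM\\\.\.exefile \[open\] -- (?P<cmd>.+?)\s*$")
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
DEFAULT_EXEFILE = '"%1" %*'
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class Triage:
    services: list = field(default_factory=list)           # (kind, name, path, state)
    missing_files: list = field(default_factory=list)      # registered, but the file is gone
    running_missing: list = field(default_factory=list)    # file gone yet still reported Running
    temp_loaded: list = field(default_factory=list)        # path under a Temp/Tmp directory
    hosts_extra: list = field(default_factory=list)        # hosts lines beyond the defaults
    unsigned_autoruns: list = field(default_factory=list)  # (hive, name, cmd) with no company
    shell_ok: bool = True
    exefile_ok: bool = True

    def findings(self) -> list:
        """Human-readable list, one line per lead."""
        out = []
        for n in self.missing_files:
            note = " (still reported Running)" if n in self.running_missing else ""
            out.append(f"{n}: service/driver registered but file not found{note}")
        out += [f"{n}: loaded from a Temp directory" for n in self.temp_loaded]
        out += [f"hosts: non-default entry '{e}'" for e in self.hosts_extra]
        out += [f"{h} Run [{n}]: no company name on {c}" for h, n, c in self.unsigned_autoruns]
        if not self.shell_ok:
            out.append("Winlogon Shell is not explorer.exe")
        if not self.exefile_ok:
            out.append(f"exefile open handler is not the default {DEFAULT_EXEFILE}")
        return out


def triage(log_text: str) -> Triage:
    """Walk an OTL report line by line and collect the entries worth a look."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()  # forum quoting indents every log line
        if m := SERVICE_RE.match(line):
            name, path, state = m["name"], m["path"], m["state"]
            t.services.append((m["kind"], name, path, state))
            if m["info"] == "File not found":
                t.missing_files.append(name)
                if "Running" in state:
                    t.running_missing.append(name)
            if TEMP_DIR_RE.search(path):
                t.temp_loaded.append(name)
        elif m := HOSTS_RE.match(line):
            entry = " ".join(m["entry"].split())  # collapse tabs and runs of spaces
            if entry not in DEFAULT_HOSTS:
                t.hosts_extra.append(entry)
        elif m := RUN_RE.match(line):
            if not m["company"].strip():
                t.unsigned_autoruns.append((m["hive"], m["name"], m["cmd"]))
        elif m := SHELL_RE.match(line):
            t.shell_ok = m["value"].lower() == "explorer.exe"
        elif m := EXEFILE_RE.match(line):
            t.exefile_ok = m["cmd"] == DEFAULT_EXEFILE
    return t


# Constructed excerpt in OTL line format, mirroring entries from the report in this thread.
SAMPLE_LOG = r"""
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Lance\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# Made-up excerpt (not from any real log) that shows the hosts, Run-key and Shell checks firing.
SUSPECT_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1   example.com
O4 - HKCU..\Run: [Updater] C:\Documents and Settings\Lance\Application Data\updater.exe ()
O20 - HKLM Winlogon: Shell - (updater.exe) - C:\Documents and Settings\Lance\Application Data\updater.exe ()
"""

if __name__ == "__main__":
    for label, log in (("thread excerpt", SAMPLE_LOG), ("made-up excerpt", SUSPECT_LOG)):
        print(f"== {label} ==")
        for finding in triage(log).findings():
            print("  " + finding)
```

Run it against a full report by reading the file and passing its contents to `triage()`; the regexes only look at the SRV/DRV, O1, O4, O20 and O35 lines, so the rest of the report passes through untouched. Lines that match none of the patterns are ignored rather than rejected, which keeps the pass tolerant of the other OTL sections.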
     
  21. 2010/08/21
    llsshopping
    Here they are:

    OTL logfile created on: 8/21/2010 12:23:52 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Lance\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.85 Gb Total Space | 217.71 Gb Free Space | 93.50% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 149.04 Gb Total Space | 1.13 Gb Free Space | 0.76% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Lance
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/03/31 18:26:12 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2009/03/31 18:25:54 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2009/03/31 18:25:50 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2009/02/22 19:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R211990\stacsv.exe
    PRC - [2009/02/22 19:49:28 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/01/18 21:27:18 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM13Mon.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/02/22 19:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R211990\stacsv.exe -- (STacSV)
    SRV - [2009/01/21 15:10:44 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Lance\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/03/31 18:25:48 | 000,196,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/02/22 19:49:38 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/02/22 19:49:26 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/02/02 19:41:22 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/01/21 23:27:22 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/01/21 15:10:48 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
    DRV - [2009/01/21 15:10:46 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
    DRV - [2009/01/19 15:41:16 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/01/18 21:27:28 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
    DRV - [2009/01/18 21:27:24 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
    DRV - [2009/01/18 21:27:10 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
    DRV - [2008/12/11 21:37:58 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://g.msn.com/USSMB/1 "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/01 17:56:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 07:56:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/08 17:08:01 | 000,000,000 | ---D | M]

    [2009/11/18 21:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Mozilla\Extensions
    [2010/08/20 15:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Mozilla\Firefox\Profiles\kq3smm6q.default\extensions
    [2010/05/15 15:02:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lance\Application Data\Mozilla\Firefox\Profiles\kq3smm6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/20 15:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/02 21:26:38 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2010/08/02 13:59:56 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2010/08/21 00:04:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243640575500 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Lance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/21 00:19:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    [2010/08/21 00:01:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/20 23:48:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/20 23:48:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/20 23:48:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/20 23:48:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/20 23:48:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/14 07:55:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/08/10 21:45:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/10 21:45:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/10 21:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 90 Days ==========

    [2010/08/21 00:19:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lance\Desktop\OTL.exe
    [2010/08/21 00:08:38 | 000,013,653 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/08/21 00:05:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/21 00:04:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/21 00:04:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/21 00:01:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/20 21:40:10 | 000,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/20 21:40:10 | 000,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/20 21:40:10 | 000,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/20 21:35:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/20 21:35:57 | 3180,212,224 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/20 18:21:00 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/20 18:20:07 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Lance\NTUSER.DAT
    [2010/08/20 18:19:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lance\ntuser.ini
    [2010/08/20 18:09:50 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Lance\Desktop\Mom'sMassCards.xls
    [2010/08/20 15:03:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/20 15:02:54 | 000,000,605 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/14 00:36:22 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Lance\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/08/13 15:27:33 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/07/17 21:22:15 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
    [2010/06/21 13:40:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/15 01:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

    ========== Files Created - No Company Name ==========

    [2010/08/20 23:48:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/20 23:48:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/20 23:48:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/20 23:48:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/20 23:48:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/20 18:09:49 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Lance\Desktop\Mom'sMassCards.xls
    [2010/08/14 12:45:06 | 3180,212,224 | -HS- | C] () -- C:\hiberfil.sys
    [2009/10/31 19:51:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/09/26 21:38:10 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Lance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/29 22:48:59 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/05/29 19:39:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/05/24 12:41:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
    [2009/05/24 12:40:19 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/05/24 09:57:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/05/24 09:51:46 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/05/24 09:50:53 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/05/24 09:50:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/05/24 09:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/01/16 23:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/03/02 21:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\E-centives
    [2009/08/31 14:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\ICAClient
    [2009/05/24 09:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Windows Desktop Search
    [2009/05/30 16:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lance\Application Data\Windows Search
    [2010/06/15 01:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2009/11/01 01:01:12 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/22 19:14:13 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/08/21 00:01:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/21 00:05:44 | 000,012,289 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/05/24 12:42:13 | 000,003,960 | RH-- | M] () -- C:\dell.sdr
    [2010/08/20 21:35:57 | 3180,212,224 | -HS- | M] () -- C:\hiberfil.sys
    [2007/05/02 20:03:15 | 000,267,864 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/20 21:35:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/15 15:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/04/25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/04/25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/04/25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 08:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 08:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee SecurityCenter
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VIRUSS~1 mcshield.exe
    McAfee VIRUSS~1 mcsysmon.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, August 21, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, August 20, 2010 22:22:39
    Records in database: 4130136
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 61908
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:20:08

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
