
Solved popups and other virus related activity

Discussion in 'Malware and Virus Removal Archive' started by tylerho, 2011/05/16.

  1. 2011/05/16
    tylerho Inactive Thread Starter

    [Resolved] popups and other virus related activity

    This computer has a lot of popups and other virus-related activity. Below I have posted a HijackThis log. Please advise on further cleaning if needed. Thank you for your time!

    [HJT log removed by Broni]
     
    Last edited by a moderator: 2011/05/16
  2. 2011/05/16
    broni Moderator Malware Analyst

    Please, complete all steps listed here: this post

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. 2011/05/17
    tylerho Inactive Thread Starter

    Here are the requested posts:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6594

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048

    5/16/2011 10:57:45 PM
    mbam-log-2011-05-16 (22-57-45).txt

    Scan type: Quick scan
    Objects scanned: 168103
    Time elapsed: 12 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\exqonczctruceg (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ofnojnvd (Trojan.FakeAlertRP.Gen) -> Value: ofnojnvd -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jkpmrlcd (Rogue.AntivirusSuite.Gen) -> Value: jkpmrlcd -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\s.longtin\AppData\Local\Temp\galfmoxoo\dupdkivxsik.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
    c:\Users\s.longtin\AppData\Local\Temp\jar_cache1643100096506792584.tmp (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-17 07:00:20
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320320AS rev.DE06
    Running: 1t3dq979.exe; Driver: C:\Users\SF88D~1.LON\AppData\Local\Temp\aglcypog.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2784] kernel32.dll!LoadLibraryW 7611361F 5 Bytes JMP 6ECB9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2784] kernel32.dll!LoadLibraryA 76119491 5 Bytes JMP 6ECB9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

    ---- User IAT/EAT - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Studio 1537
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 161):

    Processes (total 94):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: ST9320320AS, Rev: DE06

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by s.longtin at 17:00:50.40 on Tue 05/17/2011
    Internet Explorer: 8.0.6001.19048
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.1529 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\s.longtin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2RGVL4R\dds[1].scr
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:47392
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101104091016.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2; AskTB5.5; msn OptimizedIE8;ENUS)" - "http://www.xnet.se/xpo/games/netgems.html"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [LoJackForLaptops] c:\program files\lflinstall\InstallManager.exe /d60 /dd1 /bd0
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon]
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\sf88d~1.lon\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-19 386840]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-19 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-19 164840]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-20 81920]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-19 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-19 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-19 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-19 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-19 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-19 141792]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-19 55840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-20 112128]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-5-20 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-5-20 203264]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-19 152960]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-19 313288]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-5-20 133472]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-5-20 279488]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-15 183560]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-19 52104]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-19 84264]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-17 04:26:08 100736 ----a-w- C:\aglcypog.sys
    2011-05-17 03:44:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-17 03:44:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-17 03:44:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-17 00:31:33 -------- d-----w- c:\users\sf88d~1.lon\appdata\roaming\HpUpdate
    2011-05-17 00:31:16 -------- d-----w- c:\windows\Hewlett-Packard
    2011-04-27 04:53:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-27 04:53:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    .
    ==================== Find3M ====================
    .
    2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 17:01:51.46 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 5/20/2009 8:15:19 AM
    System Uptime: 5/17/2011 2:33:37 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0P173H
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 181.377 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.636 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Banctec Service Agreement
    Bing Bar
    Bing Rewards Client Installer
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    BufferChm
    Cards_Calendar_OrderGift_DoMorePlugout
    Choice Guard
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Complete Care Consumer Service Agreement
    Copy
    CustomerResearchQFolder
    Dell-eBay
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Remote Access
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Video Chat
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    DELL0703
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eSupportQFolder
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.514
    GPBaseService
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    iDump (Freeware) Build:29
    Integrated Webcam Driver (1.05.02.1227)
    Intel(R) Graphics Media Accelerator Driver
    iPod for Windows 2005-10-12
    iPod To Computer Transfer 5.3
    ITECIR Driver
    iTunes
    Java(TM) 6 Update 11
    Junk Mail filter update
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Move Networks Media Player for Internet Explorer
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Scan
    OCR Software by I.R.I.S. 10.0
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PMB
    PS_AIO_03_C4400_ProductContext
    PS_AIO_03_C4400_Software
    PS_AIO_03_C4400_Software_Min
    PSSWCORE
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Media Manager
    Roxio Update Manager
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.1
    SmartWebPrintingOC
    SolutionCenter
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    VideoToolkit01
    WebReg
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== End Of File ===========================
     
  5. 2011/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2011/05/17
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    ComboFix 11-05-17.01 - s.longtin 05/17/2011 19:58:32.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.1426 [GMT -5:00]
    Running from: c:\users\s.longtin\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\s.longtin\AppData\Roaming\Install.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-17 04:26 . 2011-05-17 04:26 100736 ----a-w- C:\aglcypog.sys
    2011-05-17 03:44 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-17 03:44 . 2011-05-17 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-17 03:44 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-17 00:31 . 2011-05-17 00:35 -------- d-----w- c:\users\s.longtin\AppData\Roaming\HpUpdate
    2011-05-17 00:31 . 2011-05-17 00:31 -------- d-----w- c:\windows\Hewlett-Packard
    2011-04-27 04:53 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-27 04:53 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 16:12 . 2011-04-15 12:21 1161728 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 16:12 . 2011-04-15 12:21 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:00 . 2011-04-15 12:21 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 14:56 . 2011-04-27 04:53 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 14:56 . 2011-04-27 04:53 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 14:56 . 2011-04-27 04:53 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 14:56 . 2011-04-27 04:53 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 12:53 . 2011-04-15 12:21 2040832 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 14:49 . 2011-04-15 12:21 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 12:52 . 2011-04-15 12:21 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-22 12:52 . 2011-04-15 12:21 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-22 12:51 . 2011-04-15 12:21 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-22 12:51 . 2011-04-15 12:21 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-02-22 06:21 . 2011-04-15 12:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 06:17 . 2011-04-15 12:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 06:16 . 2011-04-15 12:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 06:16 . 2011-04-15 12:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-02-22 06:16 . 2011-04-15 12:21 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-02-22 05:20 . 2011-04-15 12:21 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-22 04:43 . 2011-04-15 12:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-02-22 04:42 . 2011-04-15 12:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-18 13:31 . 2011-04-15 12:21 304640 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-18 13:31 . 2011-04-15 12:21 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-18 13:31 . 2011-04-15 12:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-17 06:23 . 2011-04-15 12:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-02 20:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Dell Webcam Central "= "c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
    "PCMService "= "c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
    "Dell DataSafe Online "= "c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "PMBVolumeWatcher "= "c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    c:\users\s.longtin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-05-20 18:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-19 133472]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-19 279488]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aglcypog
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-13 c:\windows\Tasks\Norton Security Scan for s.longtin.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-21 14:48]
    .
    2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{249FC342-E3F0-417A-B2E6-5B50FA1A620E}.job
    - c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:47392
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-LoJackForLaptops - c:\program files\LFLInstall\InstallManager.exe
    HKLM-Run-hpqSRMon - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-17 20:12
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\users\SF88D~1.LON\AppData\Local\Temp\catchme.dll 53248 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath "= "\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2011-05-17 20:21:26
    ComboFix-quarantined-files.txt 2011-05-18 01:21
    .
    Pre-Run: 197,752,684,544 bytes free
    Post-Run: 200,517,574,656 bytes free
    .
    - - End Of File - - 89B1B55D2D76CCA73B806E113D28897E
     
  7. 2011/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Ask Toolbar, known foistware.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:47392
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  8. 2011/05/17
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    ComboFix 11-05-17.01 - s.longtin 05/17/2011 20:39:50.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.1364 [GMT -5:00]
    Running from: c:\users\s.longtin\Desktop\ComboFix.exe
    Command switches used :: c:\users\s.longtin\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-18 01:47 . 2011-05-18 01:47 -------- d-----w- c:\users\s.longtin\AppData\Local\temp
    2011-05-18 01:47 . 2011-05-18 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-17 04:26 . 2011-05-17 04:26 100736 ----a-w- C:\aglcypog.sys
    2011-05-17 03:44 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-17 03:44 . 2011-05-17 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-17 03:44 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-17 00:31 . 2011-05-17 00:35 -------- d-----w- c:\users\s.longtin\AppData\Roaming\HpUpdate
    2011-05-17 00:31 . 2011-05-17 00:31 -------- d-----w- c:\windows\Hewlett-Packard
    2011-04-27 04:53 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-27 04:53 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 16:12 . 2011-04-15 12:21 1161728 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 16:12 . 2011-04-15 12:21 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:00 . 2011-04-15 12:21 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 14:56 . 2011-04-27 04:53 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 14:56 . 2011-04-27 04:53 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 14:56 . 2011-04-27 04:53 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 14:56 . 2011-04-27 04:53 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 12:53 . 2011-04-15 12:21 2040832 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 14:49 . 2011-04-15 12:21 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 12:52 . 2011-04-15 12:21 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-22 12:52 . 2011-04-15 12:21 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-22 12:51 . 2011-04-15 12:21 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-22 12:51 . 2011-04-15 12:21 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-02-22 06:21 . 2011-04-15 12:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 06:17 . 2011-04-15 12:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 06:16 . 2011-04-15 12:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 06:16 . 2011-04-15 12:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-02-22 06:16 . 2011-04-15 12:21 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-02-22 05:20 . 2011-04-15 12:21 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-22 04:43 . 2011-04-15 12:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-02-22 04:42 . 2011-04-15 12:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-18 13:31 . 2011-04-15 12:21 304640 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-18 13:31 . 2011-04-15 12:21 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-18 13:31 . 2011-04-15 12:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-17 06:23 . 2011-04-15 12:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-02 20:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Dell Webcam Central "= "c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
    "PCMService "= "c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
    "Dell DataSafe Online "= "c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "PMBVolumeWatcher "= "c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    c:\users\s.longtin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-05-20 18:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-19 133472]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-19 279488]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aglcypog
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-13 c:\windows\Tasks\Norton Security Scan for s.longtin.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-21 14:48]
    .
    2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{249FC342-E3F0-417A-B2E6-5B50FA1A620E}.job
    - c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-17 20:47
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath "= "\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2011-05-17 20:49:57
    ComboFix-quarantined-files.txt 2011-05-18 01:49
    ComboFix2.txt 2011-05-18 01:21
    .
    Pre-Run: 199,817,408,512 bytes free
    Post-Run: 199,784,443,904 bytes free
    .
    - - End Of File - - 51BFA8DE43C909983B16644863216EB3
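The setting broni's CFScript targets in the post above is a per-user (the DDS "u" prefix means HKCU) ProxyServer of http=127.0.0.1:47392, i.e. a proxy living on the victim machine itself. A real corporate proxy sits on a network host; a loopback address on a high port is characteristic of browser-hijacking adware that routes every request through its own process to inject popups. The second ComboFix log, run with the script, no longer lists the entry. The Python below is an added example, not code from the thread, from ComboFix or from DDS: it parses "Supplementary Scan" lines from a before and an after log, flags any proxy on loopback or absent from an allow-list, builds the matching DDS:: lines, and confirms the removal. The two log snippets inside it are constructed from the lines quoted in this thread, and the allow-listed host proxy.corp.example is hypothetical.

```python
"""Triage helper for ComboFix/DDS-style logs: spot a browser proxy hijack in the
"Supplementary Scan" block and confirm a CFScript removed it.
Added example, not part of the forum thread or of ComboFix/DDS."""
import ipaddress
import re

# Constructed samples: the Supplementary Scan block before and after the CFScript run.
BEFORE_LOG = """\
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:47392
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
.
"""

AFTER_LOG = """\
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
.
"""

# DDS prefix: u = per-user (HKCU), m = machine-wide (HKLM).
SETTING_RE = re.compile(r"^(?P<hive>[um])Internet Settings,(?P<name>\w+)\s*=\s*(?P<value>.*)$")
# One proxy endpoint as stored in ProxyServer: optional "scheme=", host, optional ":port".
PROXY_RE = re.compile(r"(?:(?P<scheme>https?|ftp|socks)=)?(?P<host>[^:;\s]+)(?::(?P<port>\d+))?")


def parse_internet_settings(log_text):
    """Return (hive, name, value) for every 'xInternet Settings,...' line in the log."""
    found = []
    for line in log_text.splitlines():
        m = SETTING_RE.match(line.strip())
        if m:
            found.append((m.group("hive"), m.group("name"), m.group("value").strip()))
    return found


def proxy_endpoints(value):
    """Split 'http=127.0.0.1:47392;https=host:port' into (scheme, host, port) tuples."""
    out = []
    for part in value.split(";"):
        m = PROXY_RE.match(part.strip())
        if m and m.group("host"):
            port = int(m.group("port")) if m.group("port") else None
            out.append((m.group("scheme"), m.group("host"), port))
    return out


def is_loopback_host(host):
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1): a proxy on the victim itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_proxy_hijack(log_text, allowed_proxies=()):
    """Flag ProxyServer endpoints that are on loopback or not on the allow-list.

    allowed_proxies holds 'host:port' strings for proxies the environment really uses
    (hypothetical in this example). Returns a list of (hive, scheme, host, port).
    """
    findings = []
    for hive, name, value in parse_internet_settings(log_text):
        if name != "ProxyServer":
            continue
        for scheme, host, port in proxy_endpoints(value):
            if is_loopback_host(host) or f"{host}:{port}" not in allowed_proxies:
                findings.append((hive, scheme, host, port))
    return findings


def cfscript_for(log_text):
    """Build the DDS:: block that tells ComboFix to remove the proxy setting lines verbatim."""
    lines = [line.strip() for line in log_text.splitlines()
             if SETTING_RE.match(line.strip()) and "Proxy" in line]
    return "DDS::\n" + "\n".join(lines) + "\n" if lines else ""


def removal_confirmed(before_text, after_text):
    """True when the first log had a flagged proxy and the second log has none."""
    return bool(find_proxy_hijack(before_text)) and not find_proxy_hijack(after_text)
```

Run the two functions against the before and after logs and `removal_confirmed` returns True only when the loopback proxy that was flagged in the first log is absent from the second; a proxy that appears on the allow-list with its expected port is not reported.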
     
  9. 2011/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't:
    Why?
    Please, do it now.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2011/05/17
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    The computer seems to be working much better.

    Here are the two logs you requested...

    OTL logfile created on: 5/17/2011 11:25:28 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\s.longtin\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 185.86 Gb Free Space | 65.58% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.64 Gb Free Space | 52.13% Space Free | Partition Type: NTFS

    Computer Name: SLONGTIN | User Name: s.longtin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/17 23:23:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\s.longtin\Desktop\OTL.exe
    PRC - [2011/02/14 02:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/17 17:15:32 | 000,822,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/03/24 16:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2009/08/25 22:10:08 | 000,277,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2009/05/20 15:58:36 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/27 15:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2009/01/30 00:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    PRC - [2008/12/22 04:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/12/22 04:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
    PRC - [2008/12/22 04:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
    PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/11/03 09:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2008/07/17 07:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/07/17 07:00:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/07/17 07:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/07/17 07:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/07/09 14:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/06/03 15:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    PRC - [2008/01/14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/17 23:23:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\s.longtin\Desktop\OTL.exe
    MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/15 02:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/14 02:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/20 13:58:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
    SRV - [2008/12/22 04:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
    SRV - [2008/12/22 04:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/01/19 07:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2009/01/19 07:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2008/12/22 05:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/12/22 04:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/11/21 06:06:30 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
    DRV - [2008/07/28 04:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2008/07/17 07:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/07/03 03:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/07/03 03:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/07/03 03:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/06/17 11:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
    DRV - [2008/05/29 06:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/24 04:10:03 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/05/17 20:12:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104091016.dll (McAfee, Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\s.longtin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\s.longtin\Pictures\Roma\last week\the end\fb1\the end 048.JPG
    O24 - Desktop BackupWallPaper: C:\Users\s.longtin\Pictures\Roma\last week\the end\fb1\the end 048.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/17 23:23:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\s.longtin\Desktop\OTL.exe
    [2011/05/17 20:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/05/17 20:49:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/17 20:49:59 | 000,000,000 | ---D | C] -- C:\Users\s.longtin\AppData\Local\temp
    [2011/05/17 20:49:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/17 20:38:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/17 19:54:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/17 19:54:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/17 19:54:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/17 19:53:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/17 19:53:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/16 23:26:08 | 000,100,736 | ---- | C] (GMER) -- C:\aglcypog.sys
    [2011/05/16 22:58:28 | 000,000,000 | ---D | C] -- C:\Users\s.longtin\Desktop\Logs
    [2011/05/16 22:44:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/16 22:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/16 22:44:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/16 22:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/16 19:31:33 | 000,000,000 | ---D | C] -- C:\Users\s.longtin\AppData\Roaming\HpUpdate
    [2011/05/16 19:31:16 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009/07/28 23:18:55 | 008,293,568 | ---- | C] (Dell, Inc. ) -- C:\Users\s.longtin\AppData\Roaming\DataSafeDotNet.exe
    [2 C:\Users\s.longtin\Documents\*.tmp files -> C:\Users\s.longtin\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/17 23:23:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\s.longtin\Desktop\OTL.exe
    [2011/05/17 23:19:09 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{249FC342-E3F0-417A-B2E6-5B50FA1A620E}.job
    [2011/05/17 23:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/17 20:56:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/17 20:56:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/17 20:56:22 | 3178,086,400 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/17 20:12:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/17 19:52:29 | 004,350,161 | R--- | M] () -- C:\Users\s.longtin\Desktop\ComboFix.exe
    [2011/05/17 16:56:04 | 000,080,384 | ---- | M] () -- C:\Users\s.longtin\Desktop\MBRCheck.exe
    [2011/05/16 23:36:38 | 291,679,090 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/16 23:26:08 | 000,100,736 | ---- | M] (GMER) -- C:\aglcypog.sys
    [2011/05/16 23:01:53 | 000,302,080 | ---- | M] () -- C:\Users\s.longtin\Desktop\1t3dq979.exe
    [2011/05/16 22:44:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/13 12:06:15 | 000,000,566 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for s.longtin.job
    [2011/05/09 20:24:40 | 000,000,680 | ---- | M] () -- C:\Users\s.longtin\AppData\Local\d3d9caps.dat
    [2011/04/26 17:24:52 | 000,487,254 | ---- | M] () -- C:\Users\s.longtin\Documents\Itinerary.mht
    [2011/04/26 17:18:59 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/26 17:18:59 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/25 05:35:03 | 000,020,992 | ---- | M] () -- C:\Users\s.longtin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2 C:\Users\s.longtin\Documents\*.tmp files -> C:\Users\s.longtin\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/17 19:54:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/17 19:54:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/17 19:54:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/17 19:54:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/17 19:54:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/17 19:52:29 | 004,350,161 | R--- | C] () -- C:\Users\s.longtin\Desktop\ComboFix.exe
    [2011/05/17 16:56:04 | 000,080,384 | ---- | C] () -- C:\Users\s.longtin\Desktop\MBRCheck.exe
    [2011/05/16 23:01:51 | 000,302,080 | ---- | C] () -- C:\Users\s.longtin\Desktop\1t3dq979.exe
    [2011/05/16 22:44:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/26 17:24:52 | 000,487,254 | ---- | C] () -- C:\Users\s.longtin\Documents\Itinerary.mht
    [2010/12/31 16:49:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2009/09/16 21:24:39 | 000,157,621 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
    [2009/09/16 21:24:39 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
    [2009/09/16 21:12:43 | 000,157,552 | ---- | C] () -- C:\Windows\hpoins29.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/06/13 18:31:46 | 000,000,680 | ---- | C] () -- C:\Users\s.longtin\AppData\Local\d3d9caps.dat
    [2009/06/02 14:39:54 | 000,020,992 | ---- | C] () -- C:\Users\s.longtin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/01 22:13:34 | 000,000,344 | ---- | C] () -- C:\Users\s.longtin\AppData\Roaming\wklnhst.dat
    [2009/05/20 16:04:50 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
    [2009/05/20 16:04:50 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2009/05/20 16:04:47 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/05/20 16:00:41 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/05/20 16:00:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/05/20 13:48:50 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2009/05/20 13:34:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2009/05/20 13:34:01 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2009/05/20 13:33:59 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/02/19 23:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
    [2008/02/03 18:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,427,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2009/06/10 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\s.longtin\AppData\Roaming\Absolute
    [2009/06/03 23:15:24 | 000,000,000 | ---D | M] -- C:\Users\s.longtin\AppData\Roaming\Farm Mania
    [2010/12/25 11:45:42 | 000,000,000 | ---D | M] -- C:\Users\s.longtin\AppData\Roaming\FrostWire
    [2009/06/05 00:06:36 | 000,000,000 | ---D | M] -- C:\Users\s.longtin\AppData\Roaming\iWin
    [2010/08/05 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\s.longtin\AppData\Roaming\Research In Motion
    [2009/06/01 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\s.longtin\AppData\Roaming\Template
    [2009/06/01 23:08:28 | 000,000,000 | ---D | M] -- C:\Users\s.longtin\AppData\Roaming\WildTangent
    [2011/05/17 20:54:59 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/05/17 23:19:09 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{249FC342-E3F0-417A-B2E6-5B50FA1A620E}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/05/16 23:26:08 | 000,100,736 | ---- | M] (GMER) -- C:\aglcypog.sys
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2011/05/17 20:49:58 | 000,013,308 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/05/20 16:05:00 | 000,003,680 | RH-- | M] () -- C:\dell.sdr
    [2011/05/17 20:56:22 | 3178,086,400 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/17 20:56:21 | 3491,700,736 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 04:46:04 | 000,033,792 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0LPP00.DLL
    [2007/12/17 18:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/04 22:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/05 17:00:54 | 000,000,574 | -HS- | M] () -- C:\Users\s.longtin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/16 23:01:53 | 000,302,080 | ---- | M] () -- C:\Users\s.longtin\Desktop\1t3dq979.exe
    [2011/05/17 19:52:29 | 004,350,161 | R--- | M] () -- C:\Users\s.longtin\Desktop\ComboFix.exe
    [2011/05/17 16:56:04 | 000,080,384 | ---- | M] () -- C:\Users\s.longtin\Desktop\MBRCheck.exe
    [2011/05/17 23:23:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\s.longtin\Desktop\OTL.exe
    [2010/12/31 16:46:01 | 020,805,512 | ---- | M] (Skype Technologies S.A.) -- C:\Users\s.longtin\Desktop\SkypeSetupFull.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/05 17:00:54 | 000,000,402 | -HS- | M] () -- C:\Users\s.longtin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/09/18 13:53:20 | 000,001,624 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/07/08 12:29:48 | 000,000,003 | RH-- | M] () -- C:\ProgramData\LoJackNotifier.txt

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2009/07/10 00:05:02 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Windows\Installer\BBMediaSyncUninstall.exe
    [6 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
    @Alternate Data Stream - 1033 bytes -> C:\Users\s.longtin\Documents\Itinerary for KEIDEL JARED Thursday 10 March 2011.eml:OECustomProperty

    < End of report >
     
  11. 2011/05/17
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    OTL Extras logfile created on: 5/17/2011 11:25:28 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\s.longtin\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 185.86 Gb Free Space | 65.58% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.64 Gb Free Space | 52.13% Space Free | Partition Type: NTFS

    Computer Name: SLONGTIN | User Name: s.longtin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{039929E0-234A-4B7E-A8A7-42B5CF469D67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{05569412-4CA4-4A8D-8521-366A930805AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0A1DB4BC-DFB9-48C7-B6A6-4C3E33933DC3}" = rport=138 | protocol=17 | dir=out | app=system |
    "{0E213144-7CFB-420E-A6AA-6AD1A62EA184}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1099C545-FC3A-487D-8BCE-DC87C396CC6A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{14BBC2D1-8DEA-4915-B005-9298F12031A8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{187EFDC0-A7AD-4BC6-AD4A-B475905AB53D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{30F0A13F-ACD2-4AC9-AAAF-B80A7DBD247F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{41016AD5-E96F-43DB-BFFE-122B015F356A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{669F0639-4B15-4D59-BD1A-33B305534809}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{7A490C02-8D15-43A4-84AD-6E0FED7E0D84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8A7274A2-2DD1-4AD0-8080-65D5F29982E6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9672F418-12F7-456A-A7AE-7E3FC41FF232}" = lport=445 | protocol=6 | dir=in | app=system |
    "{99A23EE6-A209-493F-B0FF-35713D26A2AB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A36A4EA2-487F-4044-86FA-C7444E89EA17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{ACE7E26D-7428-4C72-9262-EBD9E7F2E858}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AD68E0BF-F2F2-47B2-9E60-1D81E112941C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B087D277-9A63-4D1A-BB48-BFB32FEE30B1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{C4AFDC4E-6AF0-421E-8849-840DE0573951}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{C5CBD37A-CE6E-49EC-B72C-E3D90669F276}" = lport=138 | protocol=17 | dir=in | app=system |
    "{ECEFABE1-76EE-485D-95DF-15819439C8E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02D7DEE8-9763-4031-B478-72CFA247FDB8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{29C05784-6AA2-48C2-B108-357E996A0F12}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{36ABB848-B5C6-4AD9-B259-110A24C744DE}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{44183C83-4478-4329-9FBB-CFA743CF8D34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{46EC43AF-2E61-47D0-A4CE-6873D535A781}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{4B1F0D8D-6336-4A8C-BD7C-938D6F687EBB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{579381D4-A547-4FE3-B208-9ECC254C35AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{594BD5AD-13E3-48C1-88A3-19A99E6C3008}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{5C68C60F-DF29-43DE-A600-97B9F7D8D151}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{61778EEA-B314-4249-9E30-1B81A487D98C}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{65A0A552-5004-4E3B-928C-491831FFD50C}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{743BFD7C-7408-4F2C-9821-9FCE5DB0DE0A}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{7C94528A-0FE1-4243-B7A6-784D8B60A176}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{82563268-DDEB-4A4B-BBF6-E024D840B69E}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
    "{865A3A7E-09CD-45B0-81A8-3F634E4B8860}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{8E5C0B02-B569-40CB-AF9E-246D37C7BBC1}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
    "{9744B85D-4421-4302-83A4-113D0C342E26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{976DF4CA-CE8D-44CA-B171-339E213586DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{989A2C02-A8A4-4D0E-A0BB-F4FECCA7CC5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{9C44CD49-B715-4F46-A365-9A9AAF8957E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9FD3EE06-D0D3-4FA3-A99D-08693AA3AFBD}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
    "{AA7810F1-5EAE-4D5D-AC79-F1019B6BCBF7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{BCA3AB48-218E-41EC-AF76-40C463903CB6}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{C053F0F1-1C54-400B-8695-C2007A9BD8B9}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{C0FB8E76-AB42-49A8-9488-CBA2B7E1472B}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{C9E6EB23-5CA5-4D5A-855F-12758E59E014}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D8BC3CFC-EDBA-4C0A-8C17-84BF421D0372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F4CAAD14-7A32-40C9-81BA-1B92CF91F97A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F6BDB2A5-6593-477F-A94D-6E8601AA1FA7}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{FDE643F2-69C7-4F55-9564-4DAFFEFCD581}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{FE0B6509-D0AF-418B-975A-0A2CB3228366}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
    "TCP Query User{09B8F508-BF2A-4FD1-9673-4674AF7B7C06}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{87B95F60-78AD-459E-AA0C-EEDE915F7EAA}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{CB7824B0-BD2D-4D5D-93DE-D6A682BB5E20}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{FE153C11-5630-46FC-93E0-A082E36ED196}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{0B8C5BA0-2F84-47C1-A8BC-7D21E7ECF444}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{3719BEDC-524F-41A4-9FE8-4BE72570A79F}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{65840368-65E7-4683-B7CF-44C8167ECC74}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{E2F892E2-3F9C-43FD-B0A2-A11AAD1DD0E7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
    "{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "GoToAssist" = GoToAssist 8.0.0.514
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSC" = McAfee SecurityCenter
    "NSS" = Norton Security Scan
    "Shop for HP Supplies" = Shop for HP Supplies
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1926542827-633599467-1570236915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/7/2011 1:28:32 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/7/2011 1:28:32 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2543

    Error - 5/7/2011 1:28:32 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2543

    Error - 5/7/2011 1:28:33 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/7/2011 1:28:33 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3557

    Error - 5/7/2011 1:28:33 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3557

    Error - 5/7/2011 1:28:34 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/7/2011 1:28:34 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4586

    Error - 5/7/2011 1:28:34 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4586

    Error - 5/7/2011 1:28:35 AM | Computer Name = slongtin | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Broadcom Wireless LAN Events ]
    Error - 2/5/2011 5:39:17 PM | Computer Name = slongtin | Source = WLAN-Tray | ID = 0
    Description = 15:39:17, Sat, Feb 05, 11 Error - Unable to get current user admin
    status

    Error - 5/5/2011 11:09:16 AM | Computer Name = slongtin | Source = WLAN-Tray | ID = 0
    Description = 10:09:05, Thu, May 05, 11 Error - Unable to gain access to user store


    [ OSession Events ]
    Error - 3/19/2011 3:27:16 PM | Computer Name = slongtin | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 273961
    seconds with 1680 seconds of active time. This session ended with a crash.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
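    The "Last 10 Event Log Errors" section of an OTL report (see the log above) is easy to skim by eye for one machine, but when you collect such logs from many machines it helps to turn the entries into records and count which Source/ID pairs repeat. The parser below is an added example written for this thread, not part of OTL or of the original post; the log text it parses is a constructed sample in OTL's layout (made-up hostname, entries modelled on the report above), and it handles the two quirks visible in the real log: descriptions that wrap onto a following line, and the "Error reading Event Logs" message that appears when the Event Service is broken, which simply yields no entries.

    ```python
    import re
    from collections import Counter
    from datetime import datetime

    # Constructed sample in the layout OTL uses for "Last 10 Event Log Errors".
    # Hostname and entries are made up for this example, not taken from a real log.
    SAMPLE_LOG = """\
    [ Application Events ]
    Error - 5/7/2011 1:28:32 AM | Computer Name = EXAMPLE-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/7/2011 1:28:33 AM | Computer Name = EXAMPLE-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3557

    [ Broadcom Wireless LAN Events ]
    Error - 2/5/2011 5:39:17 PM | Computer Name = EXAMPLE-PC | Source = WLAN-Tray | ID = 0
    Description = 15:39:17, Sat, Feb 05, 11 Error - Unable to get current user admin
    status

    [ OSession Events ]
    Error - 3/19/2011 3:27:16 PM | Computer Name = EXAMPLE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000. This session ended with a crash.
    """

    SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
    HEADER_RE = re.compile(
        r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) "
        r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
    )
    DESC_RE = re.compile(r"^Description = (?P<text>.*)$")


    def parse_otl_event_errors(text):
        """Return a list of dicts, one per 'Error - ...' entry, in report order."""
        entries = []
        section = None   # name of the [ ... ] log the entries belong to
        current = None   # entry whose description may still be continuing
        for raw in text.splitlines():
            line = raw.strip()
            if not line:
                current = None   # a blank line closes the open entry
                continue
            m = SECTION_RE.match(line)
            if m:
                section = m.group("name")
                current = None
                continue
            m = HEADER_RE.match(line)
            if m:
                current = {
                    "section": section,
                    "timestamp": datetime.strptime(m.group("when"), "%m/%d/%Y %I:%M:%S %p"),
                    "host": m.group("host"),
                    "source": m.group("source"),
                    "event_id": int(m.group("id")),
                    "description": "",
                }
                entries.append(current)
                continue
            m = DESC_RE.match(line)
            if m and current is not None:
                current["description"] = m.group("text")
                continue
            if current is not None:
                # OTL wraps long descriptions onto the next line; rejoin them.
                current["description"] = (current["description"] + " " + line).strip()
            # Anything else (e.g. "Error reading Event Logs: ...") carries no entry.
        return entries


    def summarize(entries):
        """Count entries per (Source, ID) pair, the unit an analyst triages by."""
        return Counter((e["source"], e["event_id"]) for e in entries)


    def noisy_sources(entries, min_count=2):
        """(Source, ID) pairs that repeat at least min_count times, sorted."""
        return sorted(key for key, n in summarize(entries).items() if n >= min_count)


    if __name__ == "__main__":
        parsed = parse_otl_event_errors(SAMPLE_LOG)
        for e in parsed:
            print(e["timestamp"], e["section"], e["source"], e["event_id"], e["description"])
        print("repeating:", noisy_sources(parsed))
    ```

    Repeating Source/ID pairs (here the Bonjour Service ID 100 scheduling errors, which the real log also shows) are usually benign noise from a misbehaving service, while a single entry such as an Office session ending in a crash is worth a look on its own; the counts only tell you where to look first, not what is malicious.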
     
  12. 2011/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-1926542827-633599467-1570236915-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [2 C:\Users\s.longtin\Documents\*.tmp files -> C:\Users\s.longtin\Documents\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
      @Alternate Data Stream - 1033 bytes -> C:\Users\s.longtin\Documents\Itinerary for KEIDEL JARED Thursday 10 March 2011.eml:OECustomProperty
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset doesn't find any threats, it won't produce any log.
     
  13. 2011/05/18
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1926542827-633599467-1570236915-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1926542827-633599467-1570236915-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Users\s.longtin\Documents\~WRL0005.tmp deleted successfully.
    C:\Users\s.longtin\Documents\~WRL3219.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
    ADS C:\Users\s.longtin\Documents\Itinerary for KEIDEL JARED Thursday 10 March 2011.eml:OECustomProperty deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: s.longtin
    ->Temp folder emptied: 1076959 bytes
    ->Temporary Internet Files folder emptied: 664978576 bytes
    ->Java cache emptied: 15597812 bytes
    ->Flash cache emptied: 126099 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 48168 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 650.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: s.longtin
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05182011_220727

    Files\Folders moved on Reboot...
    C:\Users\s.longtin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CHI1OUHB\iframescript[5].htm moved successfully.
    C:\Users\s.longtin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2U8B2CQI\99024-active-popups-other-virus-related-activity[1].html moved successfully.
    C:\Windows\temp\mcafee_4nwgFmcWjvwctRX moved successfully.
    File\Folder C:\Windows\temp\mcafee_MtmMARgMbBdMH4D not found!

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 1 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  14. 2011/05/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ...and Eset....

    We'll have to remember to install Service Pack 2, but Eset scan first...
     
  15. 2011/05/19
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Thanks Broni! Everything is working the way it should.
     
  16. 2011/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need Eset scan results.
     
  17. 2011/05/20
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Eset did not produce a log?
     
  18. 2011/05/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 2 installation!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  19. 2011/05/23
    tylerho

    tylerho Inactive Thread Starter

    Joined:
    2008/02/26
    Messages:
    87
    Likes Received:
    0
    Everything works really well. Thanks Broni!
     
  20. 2011/05/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
