I completed the 8 step Viruses/Spyware/Malware Preliminary Removal Instructions

Solved
By kathimango
Dec 1, 2010
  1. kathimango

    kathimango Newcomer, in training Topic Starter Posts: 28

    "8238:TCP:*:enabled:DTS-8238" = 8238:TCP:*:enabled:DTS-8238
    "8239:TCP:*:enabled:DTS-8239" = 8239:TCP:*:enabled:DTS-8239

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{606A17A0-5940-49F7-B8CA-BC997C373D69}" = iPassConnect
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{78ac4716-f51a-46fe-bda0-f5da38f99d6d}" = IBM Lotus Symphony
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AD4C2EB8-60E8-4D7E-A41B-64D8AA782517}" =
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D671062E-44AF-4DC6-AD89-92921D1E1779}" = Lotus Notes 8.0.2
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_7" = AIM 7
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "mmuipackage" = Messenger MUI Package
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OnScreenDisplay" = On Screen Display
    "Power Management Driver" = ThinkPad Power Management Driver
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Sametime Client v3.1" = Sametime Client v3.1
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WSUS Client Configuration" = WSUS Client Configuration Tool
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/30/2010 9:26:35 PM | Computer Name = COMPUTER-418277 | Source = McLogEvent | ID = 5022
    Description =

    Error - 11/30/2010 9:28:32 PM | Computer Name = COMPUTER-418277 | Source = MsiInstaller | ID = 11311
    Description = Product: AVG 2011 -- Error 1311. Source file not found(cabinet): C:\Documents
    and Settings\All Users\Application Data\MFAData\pack\basex.cab. Verify that the
    file exists and that you can access it.

    Error - 11/30/2010 9:28:33 PM | Computer Name = COMPUTER-418277 | Source = MsiInstaller | ID = 11311
    Description = Product: AVG 2011 -- Error 1311. Source file not found(cabinet): C:\Documents
    and Settings\All Users\Application Data\MFAData\pack\basex.cab. Verify that the
    file exists and that you can access it.

    Error - 11/30/2010 9:31:36 PM | Computer Name = COMPUTER-418277 | Source = McLogEvent | ID = 5022
    Description =

    Error - 11/30/2010 9:31:36 PM | Computer Name = COMPUTER-418277 | Source = McLogEvent | ID = 5022
    Description =

    Error - 11/30/2010 9:36:32 PM | Computer Name = COMPUTER-418277 | Source = McLogEvent | ID = 5022
    Description =

    Error - 11/30/2010 9:36:32 PM | Computer Name = COMPUTER-418277 | Source = McLogEvent | ID = 5022
    Description =

    Error - 12/1/2010 8:47:23 PM | Computer Name = COMPUTER-418277 | Source = Application Error | ID = 1000
    Description = Faulting application spywareremovaltoolkit.exe, version 3.0.0.0, faulting
    module , version 0.0.0.0, fault address 0x00000000.

    Error - 12/3/2010 10:22:11 PM | Computer Name = COMPUTER-418277 | Source = Userenv | ID = 1082
    Description = Windows cannot set the background refresh timer for Group Policy.
    CreateWaitableTimer (Not enough storage is available to process this command. ).
    Group Policy processing aborted.

    Error - 12/4/2010 12:02:36 AM | Computer Name = COMPUTER-418277 | Source = MSSecurityEssentials | ID = 5000
    Description =

    [ System Events ]
    Error - 12/3/2010 10:49:05 PM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
    Description = The SD Primer Agent service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/3/2010 10:58:48 PM | Computer Name = COMPUTER-418277 | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 00461000, parameter2 0000001c, parameter3
    00000000, parameter4 8056e8d8.

    Error - 12/3/2010 11:13:19 PM | Computer Name = COMPUTER-418277 | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x800704c7 Error description:
    The operation was canceled by the user.

    Error - 12/3/2010 11:17:05 PM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/3/2010 11:49:02 PM | Computer Name = COMPUTER-418277 | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x800704c7 Error description:
    The operation was canceled by the user.

    Error - 12/3/2010 11:59:56 PM | Computer Name = COMPUTER-418277 | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x800704c7 Error description:
    The operation was canceled by the user.

    Error - 12/4/2010 12:23:49 AM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/4/2010 12:29:50 AM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
    Description = The BlackICE service terminated unexpectedly. It has done this 1
    time(s).

    Error - 12/4/2010 12:29:50 AM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
    Description = The RapApp service terminated unexpectedly. It has done this 1 time(s).

    Error - 12/4/2010 12:29:51 AM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
    Description = The ISS Buffer Overflow Exploit Prevention service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
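    The tail of the report above carries the findings that matter for triage, but they are easy to miss in a wall of registry lines: the StandardProfile key shows "EnableFirewall" = 0, two TCP ports (8238 and 8239, DTS) are globally open, the uninstall list carries Java 6 Update 5 next to Update 22, and the System log shows several services terminating (event 7034). The script below is an added example, not part of the thread and not part of OTL, that pulls exactly those findings out of an OTL-style Extras report. It runs over a constructed excerpt modelled on the report above; the GloballyOpenPorts key header that is cut off at the top of the post is reinstated there as an assumption, and all function names are mine.

```python
"""Triage the tail of an OTL Extras report: firewall profiles, globally open
ports, authorized applications, duplicate Java runtimes and repeated service
terminations.  Added example; not part of the thread or of OTL itself."""
import re
from collections import Counter

# Constructed excerpt modelled on the report above.  The GloballyOpenPorts key
# header is cut off in the thread, so its presence here is an assumption.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8238:TCP:*:enabled:DTS-8238" = 8238:TCP:*:enabled:DTS-8238
"8239:TCP:*:enabled:DTS-8239" = 8239:TCP:*:enabled:DTS-8239

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

[ System Events ]
Error - 12/3/2010 11:17:05 PM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/4/2010 12:23:49 AM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/4/2010 12:29:50 AM | Computer Name = COMPUTER-418277 | Source = Service Control Manager | ID = 7034
Description = The BlackICE service terminated unexpectedly. It has done this 1
time(s).
"""

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
EVENT_RE = re.compile(r'^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| '
                      r'Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
JAVA_RE = re.compile(r'^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$')
CRASH_RE = re.compile(r'^The (?P<svc>.+?) service terminated unexpectedly')


def parse_registry_dump(text):
    """Map each [key] header to its "name" = data values, in report order."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current = keys.setdefault(m['key'], {})
        elif (m := VAL_RE.match(line)) and current is not None:
            current[m['name']] = m['data'].strip()
    return keys


def parse_events(text):
    """Collect (source, id, description) for each 'Error - ...' record.  A blank
    line ends a record, so descriptions wrapped over two lines are rejoined."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := EVENT_RE.match(line):
            rec = {'source': m['source'], 'id': int(m['id']), 'desc': []}
            records.append(rec)
        elif rec is not None and line.startswith('Description ='):
            rec['desc'].append(line[len('Description ='):].strip())
        elif rec is not None and line:
            rec['desc'].append(line)
        else:
            rec = None
    return [(r['source'], r['id'], ' '.join(r['desc'])) for r in records]


def triage(text):
    """Return the findings a responder would act on, as short strings."""
    findings = []
    for path, values in parse_registry_dump(text).items():
        tail = path.rsplit('\\', 1)[-1]
        if tail in ('DomainProfile', 'StandardProfile') and values.get('EnableFirewall') == '0':
            findings.append(f'firewall disabled: {tail}')
        elif path.endswith(r'GloballyOpenPorts\List'):
            for data in values.values():            # port:proto:scope:state:name
                parts = data.split(':', 4)
                if len(parts) == 5 and parts[3].lower() == 'enabled':
                    port, proto, scope, _, name = parts
                    findings.append(f'open port: {port}/{proto} scope={scope} ({name})')
        elif path.endswith(r'AuthorizedApplications\List'):
            for exe, data in values.items():
                if ':*:Enabled:' in data:
                    findings.append(f'authorized app: {exe}')
        elif tail == 'Uninstall':
            javas = {}                               # (major, update) -> display name
            for title in values.values():
                if m := JAVA_RE.match(title):
                    javas[(int(m['major']), int(m['update']))] = title
            if len(javas) > 1:                       # an older JRE left beside a newer one
                newest = javas[max(javas)]
                for ver in sorted(javas):
                    if javas[ver] != newest:
                        findings.append(f'stale runtime: {javas[ver]} (newer: {newest})')
    crashes = Counter()
    for source, event_id, desc in parse_events(text):
        m = CRASH_RE.match(desc)
        if source == 'Service Control Manager' and event_id == 7034 and m:
            crashes[m['svc']] += 1
    for svc, n in crashes.most_common():
        findings.append(f'service crash: {svc} x{n}')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

    Run against the excerpt it prints the two open ports, the disabled StandardProfile firewall, the AIM exception, the stale Java 6 Update 5 entry and the crash counts for IBM KCU Service and BlackICE; a DomainProfile key with no EnableFirewall value is left alone, since only an explicit 0 is evidence the firewall is off.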
  2. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Good news :)

    You still have McAfee leftovers. Please, run this tool to remove them: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    =========================================================================

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk = File not found
      O15 - HKLM\..Trusted Domains: csc.com ([]* in Local intranet)
      O15 - HKCU\..Trusted Domains: csc.com ([]* in Local intranet)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
      [2010/11/24 17:55:59 | 000,047,788 | ---- | C] (Internet Security Systems, Inc.) -- C:\WINDOWS\System32\drivers\RapDrv.sys
      [2010/11/24 17:55:58 | 000,197,106 | ---- | C] (Internet Security Systems, Inc.) -- C:\WINDOWS\System32\drivers\Blackcat.sys
      [2010/11/24 17:55:58 | 000,076,849 | ---- | C] (Internet Security Systems, Inc.) -- C:\WINDOWS\System32\drivers\MakoNT.sys
      DRV - [2007/07/18 16:33:30 | 000,047,788 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap)
      DRV - [2007/07/18 16:33:28 | 000,197,106 | ---- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black)
      DRV - [2006/10/16 09:26:02 | 000,076,849 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MakoNT.sys -- (MakoNT)
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
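    The fix above works by pasting OTL's own scan lines back into the :OTL section; OTL then acts on each line according to its type (a startup shortcut is moved, a trusted-domain entry and a Winlogon notify entry are deleted as registry keys, a DRV line has its service stopped and deleted and its file moved, an alternate data stream is deleted). The script below is an added example, not part of the thread and not OTL's code, that parses those line types into the concrete registry key, file, service or stream each one implies, flags entries whose target is already reported missing, and then reconciles the plan against the "moved successfully" / "deleted successfully" lines of a fix log. The scan-line-to-key mapping follows what the fix log posted later in this thread reports; the sample fix and result texts are constructed excerpts (the result deliberately omits the Blackcat entries so the reconciliation has something to report), and all function names are mine.

```python
"""Turn the scan lines pasted into an OTL ':OTL' fix section into the actions
they imply, then check a fix log for confirmation of each action.
Added example; not part of the thread or of OTL itself."""
import re

# Constructed excerpt of the fix section above (two of the three drivers kept).
FIX = r"""
:OTL
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk = File not found
O15 - HKLM\..Trusted Domains: csc.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: csc.com ([]* in Local intranet)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
[2010/11/24 17:55:59 | 000,047,788 | ---- | C] (Internet Security Systems, Inc.) -- C:\WINDOWS\System32\drivers\RapDrv.sys
DRV - [2007/07/18 16:33:30 | 000,047,788 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap)
DRV - [2007/07/18 16:33:28 | 000,197,106 | ---- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black)
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""

# Constructed excerpt of a fix log; the Blackcat lines are left out on purpose.
RESULT = r"""
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\csc.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\csc.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
C:\WINDOWS\system32\drivers\RapDrv.sys moved successfully.
Service rap stopped successfully!
Service rap deleted successfully!
File C:\WINDOWS\system32\drivers\RapDrv.sys not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
"""

O4_RE = re.compile(r'^O4 - Startup: (?P<path>.+?) = (?P<status>.+)$')
O15_RE = re.compile(r'^O15 - (?P<hive>HKLM|HKCU)\\\.\.Trusted Domains: (?P<domain>\S+)')
O20_RE = re.compile(r'^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - (?P<path>.+?)(?: - (?P<note>.+))?$')
FILE_RE = re.compile(r'^\[[^\]]+\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$')
DRV_RE = re.compile(r'^DRV - \[[^\]]+\] \((?P<vendor>[^)]*)\) \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - \d+ bytes -> (?P<stream>.+)$')

HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}
ZONEMAP = r'\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
NOTIFY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'


def plan_fix(fix_text):
    """Map each pasted scan line to (action, target, target_already_missing)."""
    plan = []
    for raw in fix_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(':'):
            continue                              # blank, or a section header such as :OTL
        if m := O4_RE.match(line):
            plan.append(('move file', m['path'], 'not found' in m['status'].lower()))
        elif m := O15_RE.match(line):
            plan.append(('delete key', f'{HIVES[m["hive"]]}{ZONEMAP}\\{m["domain"]}', False))
        elif m := O20_RE.match(line):
            missing = 'not found' in (m['note'] or '').lower()
            plan.append(('delete key', f'{NOTIFY}\\{m["name"]}', missing))
        elif m := FILE_RE.match(line):
            plan.append(('move file', m['path'], False))
        elif m := DRV_RE.match(line):             # a driver line means service removal plus file move
            plan.append(('delete service', m['svc'], False))
            plan.append(('move file', m['path'], False))
        elif m := ADS_RE.match(line):
            plan.append(('delete ads', m['stream'], False))
        else:
            plan.append(('unrecognised', line, False))
    return plan


DONE_RE = {
    'move file': re.compile(r'^(?P<t>.+?) moved successfully\.$'),
    'delete key': re.compile(r'^Registry key (?P<t>.+?)\\? deleted successfully\.$'),
    'delete service': re.compile(r'^Service (?P<t>.+?) deleted successfully!$'),
    'delete ads': re.compile(r'^ADS (?P<t>.+?) deleted successfully\.$'),
}


def reconcile(plan, result_text):
    """Split the plan into (confirmed, unconfirmed) using the fix log.  Targets
    are compared case-insensitively because NTFS paths and registry keys are."""
    done = set()
    for raw in result_text.splitlines():
        for action, rx in DONE_RE.items():
            if m := rx.match(raw.strip()):
                done.add((action, m['t'].casefold()))
    confirmed = [a for a in plan if (a[0], a[1].casefold()) in done]
    unconfirmed = [a for a in plan if (a[0], a[1].casefold()) not in done]
    return confirmed, unconfirmed


if __name__ == '__main__':
    plan = plan_fix(FIX)
    for action, target, missing in plan:
        print(f'{action:15} {target}{"  [target already missing]" if missing else ""}')
    confirmed, unconfirmed = reconcile(plan, RESULT)
    print(f'{len(confirmed)} confirmed, {len(unconfirmed)} unconfirmed:')
    for action, target, _ in unconfirmed:
        print(f'  {action}: {target}')
```

    Two things the output makes visible that the raw log does not: the startup shortcut and the SUPERAntiSpyware notify entry were already dangling before the fix ran (so they were dead persistence entries, not live ones), and for the constructed result the black service and Blackcat.sys come back unconfirmed, which is the cue to re-scan rather than assume the driver is gone.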
  3. kathimango

    kathimango Newcomer, in training Topic Starter Posts: 28

    Hi Broni,

    When I try to remove McAfee using either of the links (External Mirror 1.exe or Softpedia Mirror (us).exe), I get "McAfee Enterprise software detected. Cannot continue. Please contact McAfee Technical Support." McAfee was part of a standard operating environment and I didn't have an option to disable it, so I removed it.

    -----------------

    Java

    JavaRa 1.16 Removal Log.
    Report follows after line.
    ------------------------------------
    The JavaRa removal process was started on Sat Dec 04 01:16:16 2010

    Found and removed: C:\Program Files\Java\jre1.6.0_05
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
    Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
    Found and removed: Software\Classes\JavaPlugin.160_05
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\
    ------------------------------------
    Finished reporting.


    All processes killed
    ========== OTL ==========
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\csc.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\csc.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
    C:\WINDOWS\system32\drivers\RapDrv.sys moved successfully.
    C:\WINDOWS\system32\drivers\Blackcat.sys moved successfully.
    C:\WINDOWS\system32\drivers\MakoNT.sys moved successfully.
    Service rap stopped successfully!
    Service rap deleted successfully!
    File C:\WINDOWS\system32\drivers\RapDrv.sys not found.
    Service black stopped successfully!
    Service black deleted successfully!
    File C:\WINDOWS\system32\drivers\Blackcat.sys not found.
    Service MakoNT stopped successfully!
    Service MakoNT deleted successfully!
    File C:\WINDOWS\system32\drivers\MakoNT.sys not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 2747273 bytes
    ->Temporary Internet Files folder emptied: 19969866 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49070427 bytes
    ->Flash cache emptied: 1533 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kathi
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 4586 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10852 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 69.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: kathi
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot]Then click the Run Fix button at the top > in the current context!
    Error: Unable to interpret <Let the program run unhindered, reboot the PC when it is done > in the current context!
    Error: Unable to interpret <You will get a log that shows the results of the fix. Please post it. > in the current context!

    OTL by OldTimer - Version 3.2.17.3 log created on 12042010_011823

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NSG3OLU5\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FS8O1WWD\sh28[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1YPATXH2\topic157480-2[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Microsoft Security Essentials
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````



    Running the last scan now.
  4. kathimango

    kathimango Newcomer, in training Topic Starter Posts: 28

    Hi Broni,

    Here's the info from the ESET scan:

    C:\Documents and Settings\Administrator\My Documents\Downloads\SpywareRemovalToolkit_Setup.exe Win32/Adware.SpywareCease application
    C:\System Volume Information\_restore{96069747-BBE4-4864-B69B-912BA8FB8A0D}\RP23\A0019447.sys Win32/Adware.SpywareCease application
  5. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Regarding McAfee... run OTL "Quick scan" and post its log. We'll remove McAfee leftovers manually.

    Also...

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:


    make sure you have both boxes UN-checked AND (important!) click on the Decline button
  6. kathimango

    kathimango Newcomer, in training Topic Starter Posts: 28

    Hi Broni,

    Here are the OTL logs.
    --------------------
    OTL logfile created on: 12/4/2010 10:46:24 PM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    998.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 49.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1533 1533 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 59.23 Gb Free Space | 79.47% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER-418277 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/03 23:57:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/11/22 11:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    PRC - [2008/08/08 09:53:42 | 000,058,760 | ---- | M] (IBM Corp) -- C:\IBM\Lotus\Notes\ntmulti.exe
    PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/10 22:16:44 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2008/03/10 22:16:42 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008/03/10 22:16:42 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2008/03/10 22:16:42 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
    PRC - [2008/03/05 09:48:24 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2008/02/07 15:25:56 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
    PRC - [2008/02/07 15:25:18 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
    PRC - [2007/07/05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2007/07/05 15:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2007/07/05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2007/07/05 14:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2007/07/05 14:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2007/04/16 11:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/04/16 11:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2007/04/16 11:17:58 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2007/04/16 11:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/04/09 10:23:56 | 001,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2007/03/29 18:40:48 | 000,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
    PRC - [2007/03/28 12:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    PRC - [2007/03/09 08:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2007/03/08 07:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2007/03/02 17:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
    PRC - [2007/02/27 05:09:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2006/09/06 10:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2005/11/01 15:10:32 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    PRC - [2005/11/01 15:09:10 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
    PRC - [2005/11/01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2005/09/15 17:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/03 23:57:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2005/09/15 17:57:36 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/08/08 09:53:42 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
    SRV - [2008/03/10 22:16:42 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2008/02/07 16:57:56 | 001,687,552 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
    SRV - [2008/02/07 15:25:56 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
    SRV - [2008/02/07 15:25:18 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
    SRV - [2007/07/05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2007/07/05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2007/04/16 11:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/04/16 11:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2007/04/16 11:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2007/03/02 17:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2007/02/27 05:09:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2005/11/01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/24 17:53:04 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/08/13 11:08:44 | 000,325,144 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/04/13 18:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 18:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 18:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 16:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 08:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/04/30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/04/13 07:08:26 | 000,306,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007/04/02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2007/03/29 15:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/03/24 09:43:46 | 000,251,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/03/02 17:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2007/03/02 17:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2007/02/27 05:08:32 | 000,021,040 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2006/12/22 05:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/22 05:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/12/22 05:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/10/23 04:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2006/08/04 12:03:30 | 000,015,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
    DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2005/11/08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/11/01 14:55:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2005/11/01 14:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2005/11/01 14:51:34 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2005/11/01 14:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/11/01 14:48:00 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/09/15 17:53:10 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/05/17 04:20:06 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
    DRV - [2002/08/29 07:29:12 | 000,036,096 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
    DRV - [2001/08/17 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 08:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 07:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.csc.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.csc.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 16:46:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 22:28:03 | 000,000,000 | ---D | M]

    [2010/11/30 21:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/11/30 21:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\79tj732t.default\extensions
    [2010/12/02 20:14:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/30 22:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/11/30 22:27:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/03 23:32:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
    O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Download present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290644666106 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290644657965 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/06 11:05:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/04 01:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/12/04 01:18:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/04 01:18:23 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/04 01:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\JavaRa folder
    [2010/12/03 23:57:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/12/03 23:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/12/03 21:57:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/12/03 21:48:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/03 21:47:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/03 21:47:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/03 21:47:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/03 21:47:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/03 21:46:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/03 21:46:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/01 20:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2010/12/01 20:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/12/01 20:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/12/01 20:19:46 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
    [2010/12/01 20:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2010/12/01 19:58:14 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\zztoy.exe
    [2010/12/01 19:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/11/30 22:41:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/11/30 22:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/11/30 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2010/11/30 22:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/11/30 21:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/11/30 21:28:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/30 21:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/30 21:28:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/30 21:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/30 21:20:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/11/30 21:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2010/11/30 21:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/11/30 21:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2010/11/30 21:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/30 21:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/11/26 18:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/11/26 18:26:27 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2010/11/26 18:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/26 16:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/11/26 16:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
    [2010/11/26 16:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2010/11/26 16:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2010/11/26 16:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/11/24 19:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2010/11/24 18:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intel
    [2010/11/24 18:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/11/24 17:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iPass
    [2010/11/24 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPass
    [2010/11/24 17:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
    [2010/11/24 17:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2010/11/24 17:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
    [2010/11/24 17:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
    [2010/11/24 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
    [2010/11/24 17:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
    [2010/11/24 17:30:51 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
    [2010/11/24 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
    [2010/11/24 17:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bluetooth Software
    [2010/11/24 17:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
    [2010/11/24 17:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Access Connections
    [2010/11/24 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
    [2010/11/24 17:24:19 | 000,065,536 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
    [2010/11/24 17:24:18 | 000,177,664 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
    [2010/11/24 17:24:18 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
    [2010/11/24 17:24:18 | 000,094,208 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
    [2010/11/24 17:24:18 | 000,073,728 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
    [2010/11/24 17:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2010/11/24 17:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2010/11/24 17:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/11/24 17:22:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
    [2010/11/24 17:22:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010/11/24 17:22:42 | 000,000,000 | ---D | C] -- C:\Intel
    [2010/11/24 12:19:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2010/12/04 22:32:31 | 000,017,958 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/12/04 01:34:38 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/12/04 01:33:42 | 000,442,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/04 01:33:42 | 000,071,826 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/04 01:29:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/04 01:29:26 | 1046,786,048 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/04 01:26:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/12/04 01:23:32 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/12/04 01:09:58 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MCPR.exe
    [2010/12/03 23:57:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/12/03 23:32:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/03 23:06:12 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/12/03 23:05:54 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/03 21:48:29 | 000,000,332 | RHS- | M] () -- C:\boot.ini
    [2010/12/03 21:35:24 | 003,984,255 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/12/03 21:33:55 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/12/01 20:31:37 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/01 20:19:46 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
    [2010/12/01 20:01:38 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\zztoy.exe
    [2010/12/01 19:37:05 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tsprt
    [2010/12/01 19:36:47 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareRemovalToolkit.lnk
    [2010/11/30 21:38:28 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tknvqt16.exe
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/26 16:49:33 | 000,000,468 | -H-- | M] () -- C:\IPH.PH
    [2010/11/26 16:49:27 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2010/11/26 16:46:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/11/26 16:46:41 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/11/24 18:08:23 | 000,002,680 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
    [2010/11/24 18:07:30 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/24 17:56:29 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\ntdll_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wsock32_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\rsvpsp_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\mswsock_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\msvcrt_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\ws2help_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\ws2_32_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\shlwapi_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\msasn1_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\crypt32_dll.iss
    [2010/11/24 17:56:26 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\user32_dll.iss
    [2010/11/24 17:56:26 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\msafd_dll.iss
    [2010/11/24 17:56:26 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\comctl32_dll.iss
    [2010/11/24 17:56:26 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\advapi32_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wldap32_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\version_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\kernel32_dll.iss
    [2010/11/24 17:56:24 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\shell32_dll.iss
    [2010/11/24 17:56:20 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\olesvr32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\rpcrt4_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\olethk32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\olecnv32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\olecli32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\oleaut32_dll.iss
    [2010/11/24 17:56:19 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\ole32_dll.iss
    [2010/11/24 17:56:05 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\lz32_dll.iss
    [2010/11/24 17:56:04 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\imagehlp_dll.iss
    [2010/11/24 17:56:04 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\gdi32_dll.iss
    [2010/11/24 17:56:04 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\comdlg32_dll.iss
    [2010/11/24 17:37:09 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/24 17:34:21 | 000,000,059 | ---- | M] () -- C:\WINDOWS\WININIT.INI
    [2010/11/24 17:26:52 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    [2010/11/24 17:25:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AccConnAdvanced.html
    [2010/11/24 17:23:59 | 000,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat
    [2010/11/24 17:22:26 | 000,000,215 | ---- | M] () -- C:\Boot.bak
    [2010/11/24 17:21:01 | 000,041,028 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/11/24 12:20:49 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

    ========== Files Created - No Company Name ==========

    [2010/12/04 01:23:20 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/12/04 01:08:58 | 001,373,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MCPR.exe
    [2010/12/03 23:11:22 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/12/03 23:06:12 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/12/03 21:48:29 | 000,000,215 | ---- | C] () -- C:\Boot.bak
    [2010/12/03 21:48:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/03 21:47:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/03 21:47:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/03 21:47:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/03 21:47:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/03 21:47:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/03 21:35:19 | 003,984,255 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/12/03 21:33:46 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/12/01 20:41:58 | 1046,786,048 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/01 20:21:24 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/01 19:37:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tsprt
    [2010/12/01 19:36:47 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareRemovalToolkit.lnk
    [2010/11/30 21:38:23 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tknvqt16.exe
    [2010/11/26 16:49:27 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2010/11/26 16:49:05 | 000,000,468 | -H-- | C] () -- C:\IPH.PH
    [2010/11/26 16:46:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/11/26 16:46:41 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/11/24 17:56:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ntdll_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wsock32_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rsvpsp_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\mswsock_dll.iss
    [2010/11/24 17:56:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\msvcrt_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ws2help_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ws2_32_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\shlwapi_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\msasn1_dll.iss
    [2010/11/24 17:56:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\crypt32_dll.iss
    [2010/11/24 17:56:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\user32_dll.iss
    [2010/11/24 17:56:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\msafd_dll.iss
    [2010/11/24 17:56:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\comctl32_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wldap32_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wininet_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\version_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\url_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\kernel32_dll.iss
    [2010/11/24 17:56:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\advapi32_dll.iss
    [2010/11/24 17:56:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\urlmon_dll.iss
    [2010/11/24 17:56:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\olesvr32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\shell32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\olethk32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\olecnv32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\olecli32_dll.iss
    [2010/11/24 17:56:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\oleaut32_dll.iss
    [2010/11/24 17:56:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\lz32_dll.iss
    [2010/11/24 17:56:04 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\imagehlp_dll.iss
    [2010/11/24 17:56:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\gdi32_dll.iss
    [2010/11/24 17:56:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\comdlg32_dll.iss
    [2010/11/24 17:56:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ole32_dll.iss
    [2010/11/24 17:34:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010/11/24 17:33:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2010/11/24 17:33:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2010/11/24 17:33:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2010/11/24 17:33:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2010/11/24 17:33:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2010/11/24 17:33:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2010/11/24 17:26:52 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    [2010/11/24 17:26:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
    [2010/11/24 17:25:49 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2010/11/24 17:25:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AccConnAdvanced.html
    [2010/11/24 17:24:57 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2010/11/24 17:24:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2010/11/24 17:23:59 | 000,010,640 | ---- | C] () -- C:\WINDOWS\AegisP.cat
    [2010/11/24 17:22:52 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
    [2010/11/24 17:22:50 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
    [2010/11/24 17:22:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/11/24 17:22:48 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
    [2010/11/24 17:22:48 | 000,027,024 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2010/11/24 17:22:47 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2010/11/24 12:20:49 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
    [2009/04/07 02:19:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/04/07 01:03:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2009/04/06 18:52:39 | 000,000,222 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/04/06 18:52:39 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI.ESOE
    [2009/04/06 12:52:54 | 000,094,784 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/04/06 11:58:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/01/26 15:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/11/01 14:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/11/26 16:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/11/26 18:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/11/24 17:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
    [2010/11/30 20:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/24 18:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2010/11/30 22:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/04/06 12:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{ABCF2613-B074-49B8-8A4C-5EA193A250F6}
    [2010/12/04 01:34:38 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >
  7. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2008/03/10 22:16:44 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
      PRC - [2008/03/10 22:16:42 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
      PRC - [2008/03/10 22:16:42 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      PRC - [2008/03/10 22:16:42 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
      SRV - [2008/03/10 22:16:42 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
      O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\McAfee
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  8. kathimango

    kathimango Newcomer, in training Topic Starter Posts: 28

    Hi Broni,

    Here are the logs...

    All processes killed
    ========== OTL ==========
    No active process named UdaterUI.exe was found!
    Process naPrdMgr.exe killed successfully!
    No active process named FrameworkService.exe was found!
    No active process named Mctray.exe was found!
    Service McAfeeFramework stopped successfully!
    Service McAfeeFramework deleted successfully!
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI deleted successfully.
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT folder moved successfully.
    C:\Program Files\McAfee\Common Framework\0409 folder moved successfully.
    C:\Program Files\McAfee\Common Framework folder moved successfully.
    C:\Program Files\McAfee folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 29210850 bytes
    ->Temporary Internet Files folder emptied: 12584823 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 760 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kathi
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 7654 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9655 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 40.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: kathi
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12042010_233407

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SCH5AKZ2\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SCH5AKZ2\sh28[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H2O0GQ16\topic157480-2[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

    Registry entries deleted on Reboot...
  9. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Good :)

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  10. kathimango

    kathimango Newcomer, in training Topic Starter Posts: 28

    Hi Broni....Yay!! Thank you SO very much!
    --------
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 355159 bytes
    ->Temporary Internet Files folder emptied: 2342023 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kathi
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 2286 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1578 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: kathi
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 12052010_000209

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PIRTX4A5\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PIRTX4A5\mnu[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PIRTX4A5\montsplinks[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OMRJADMM\tlbr[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IPE4E4VV\sh28[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LNRV7WE\rd[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LNRV7WE\topic157480-2[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

    Registry entries deleted on Reboot...
  11. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Way to go!!
    Good luck and stay safe :)
  12. kathimango

    kathimango Newcomer, in training Topic Starter Posts: 28

    Hi Broni,

    Just wanted to say THANK YOU for hanging in there with me and helping to save my laptop. You were a great help and I truly appreciate all your time and effort.

    I will certainly take the advice you have given me to keep this machine clean! I will also share with others what a great website this is and the excellent support of those connected with it.

    Many thanks,

    Kathi
  13. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    You're very welcome