Solved Redirect issues

Status
Not open for further replies.
A

Astros10

Posts: 11   +0
I have some redirct issues I'm hoping someone can help with. Here are the logs needed. I hope they are correct. Thank you very much for the help. Please let me know if this info is correct

Malwarebytes Anti-Malware log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5643

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/30/2011 5:25:39 PM
mbam-log-2011-01-30 (17-25-39).txt

Scan type: Quick scan
Objects scanned: 154250
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F158A1E-A687-4A11-9679-B3AC64B86A1C} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BA4271E-5C1E-48E2-B432-D8BF420DD31D} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3ED5288-F558-4F6E-8D5C-740CB6F89029} (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\programdata\76669438 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-30 17:58:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000078 WDC_WD32 rev.21.0
Running: 9c9vk0mj.exe; Driver: C:\Users\Colin\AppData\Local\Temp\pglcqpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x826380B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x826380E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x826380CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x826380A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:256] 866DF898
Thread System [4:260] 866E18BD

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-12-12.02) - NTFSx86
Run by Colin at 18:28:23.71 on Sun 01/30/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1121 [GMT -8:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcicoms.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Colin\Desktop\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110129235939.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.shockwave.com/gamelanding/open-wheel-grand-prix.jsp"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell PC TuneUp Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [FaxCenterServer] "c:\program files\dell fax solutions\fm3032.exe" /s
mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\colin\appdata\roaming\micros~1\windows\startm~1\programs\startup\mlbtvn~1.lnk - c:\users\colin\appdata\local\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\colin\appdata\roaming\mozilla\firefox\profiles\zcsdr9tb.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-29 386840]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-9-6 12800]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-29 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-29 164840]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-6 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-6 712048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-4 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-29 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-29 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-30 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-29 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-29 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-29 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-29 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-29 313288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-29 84264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-01-31 01:14:45 -------- d-----w- c:\users\colin\appdata\roaming\Malwarebytes
2011-01-31 01:14:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 01:14:31 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-31 01:14:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 01:14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 20:54:28 -------- d-----w- c:\program files\common files\supportsoft
2011-01-30 08:47:13 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-30 08:47:13 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-30 08:47:13 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-30 08:47:13 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-30 08:47:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-30 08:47:13 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-30 08:47:13 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-30 08:47:13 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-30 08:47:13 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-30 08:47:13 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-30 08:47:12 680960 ----a-w- c:\windows\system32\d2d1.dll
2011-01-30 08:47:12 1068032 ----a-w- c:\windows\system32\DWrite.dll
2011-01-30 08:46:22 -------- d-----w- c:\program files\Feedback Tool
2011-01-30 08:01:14 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-30 08:01:14 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-30 08:01:14 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-30 08:01:14 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-30 08:01:14 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-30 08:01:14 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-30 08:01:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-30 07:59:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-01-30 07:59:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-01-30 07:55:15 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-30 07:54:46 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-01-30 07:54:46 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-01-30 07:54:45 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-30 07:54:44 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-30 07:54:44 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-01-30 07:54:43 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-01-30 07:54:42 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-30 07:54:42 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-30 07:54:41 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-01-30 07:53:02 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2e2d0802-350a-457d-a1d9-99725ebb5c53}\mpengine.dll
2011-01-30 04:47:22 -------- d-----w- c:\progra~2\PCDr
2011-01-30 04:47:09 -------- d-----w- c:\users\colin\appdata\roaming\PCDr
2011-01-29 19:53:38 -------- d-----w- c:\users\colin\appdata\local\Apps
2011-01-29 16:11:37 -------- d-----w- c:\program files\iPod(74)
2011-01-29 16:11:34 -------- d-----w- c:\program files\iTunes(75)
2011-01-29 07:50:16 -------- d-----w- c:\users\colin\appdata\roaming\McAfee

==================== Find3M ====================

2010-12-28 22:11:23 6303217 ----a-w- c:\progra~2\SPL1C27.tmp
2010-12-27 19:10:50 6303217 ----a-w- c:\progra~2\SPL94B.tmp
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 18:35:25.09 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/8/2007 1:33:56 PM
System Uptime: 1/30/2011 5:52:12 PM (1 hours ago)

Motherboard: Dell Inc | | 0UW457
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2000/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 191.54 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.907 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2925: 1/17/2011 7:38:04 PM - Scheduled Checkpoint
RP2927: 1/18/2011 1:26:10 AM - Windows Update
RP2929: 1/19/2011 12:00:08 AM - Scheduled Checkpoint
RP2931: 1/20/2011 12:00:08 AM - Scheduled Checkpoint
RP2933: 1/20/2011 10:51:06 PM - Windows Update
RP2935: 1/22/2011 12:00:09 AM - Scheduled Checkpoint
RP2937: 1/22/2011 5:34:16 AM - Device Driver Package Install: McAfee, Inc. Network Service
RP2939: 1/22/2011 6:10:06 PM - Scheduled Checkpoint
RP2941: 1/24/2011 12:00:04 AM - Scheduled Checkpoint
RP2943: 1/25/2011 12:00:07 AM - Scheduled Checkpoint
RP2945: 1/25/2011 2:19:57 PM - Scheduled Checkpoint
RP2947: 1/27/2011 12:00:06 AM - Scheduled Checkpoint
RP2949: 1/28/2011 12:00:05 AM - Scheduled Checkpoint
RP2950: 1/28/2011 11:32:56 PM - 1/28/2001 10:30:00 PM
RP2951: 1/28/2011 11:35:23 PM - Restore Operation
RP2953: 1/29/2011 8:04:57 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP2955: 1/29/2011 8:05:31 AM - Device Driver Package Install: Apple Network adapters
RP2956: 1/29/2011 10:00:42 AM - 1/26/2011 6:00:00 AM
RP2957: 1/29/2011 10:01:56 AM - Restore Operation
RP2958: 1/29/2011 12:44:07 PM - Restore Operation
RP2960: 1/29/2011 1:21:11 PM - Windows Update
RP2962: 1/29/2011 1:23:09 PM - Device Driver Package Install: McAfee, Inc. Network Service
RP2964: 1/29/2011 6:32:37 PM - Device Driver Package Install: McAfee, Inc. Network Service
RP2966: 1/29/2011 8:52:33 PM - Installed Dell Support Center
RP2967: 1/29/2011 11:14:13 PM - Restore Operation
RP2969: 1/29/2011 11:52:34 PM - Windows Update
RP2971: 1/30/2011 12:00:27 AM - Device Driver Package Install: McAfee, Inc. Network Service
RP2973: 1/30/2011 12:02:49 AM - Windows Update
RP2975: 1/30/2011 12:46:54 AM - Windows Update
RP2977: 1/30/2011 12:49:13 AM - Windows Update
RP2979: 1/30/2011 1:57:36 AM - Windows Modules Installer
RP2981: 1/30/2011 12:52:35 PM - Removed Dell Support Center (Support Software).
RP2983: 1/30/2011 12:55:21 PM - Removed Dell Support Center (Support Software).

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center Ex
Bonjour
CCScore
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Consumer Complete Care Services Agreement
Coupon Printer for Windows
Dell AIO Printer 946
Dell Games
Dell PC Fax
Dell PC TuneUp
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Destinator Console
Destinator Resource Installer NA
Digital Line Detect
Disney Toontown Online
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Feedback Tool
fflink
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IrfanView (remove only)
iTunes
Java(TM) SE Runtime Environment 6
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NetWaiting
Norton Security Scan
Notifier
OfotoXMI
OGA Notifier 2.0.0048.0
Qualxserve Service Agreement
QuickTime
Rhapsody
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SFR
SHASTA
SigmaTel Audio
SKIN0001
SKINXSDK
Sonic Activation Module
staticcr
tooltips
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VPRINTOL
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
WIRELESS
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/30/2011 9:06:42 AM, Error: EventLog [6008] - The previous system shutdown at 9:05:09 AM on 1/30/2011 was unexpected.
1/30/2011 5:54:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
1/30/2011 5:54:03 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
1/30/2011 5:52:37 PM, Error: EventLog [6008] - The previous system shutdown at 5:43:35 PM on 1/30/2011 was unexpected.
1/30/2011 5:09:33 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 5:07:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00188B5F0F64 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/30/2011 4:58:35 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
1/30/2011 3:11:34 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/30/2011 3:09:04 AM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
1/30/2011 2:56:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/30/2011 2:56:08 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:54:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/30/2011 2:53:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr StarOpen Tcpip tdx Wanarpv6
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 2:53:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/30/2011 2:53:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/30/2011 2:53:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/30/2011 2:53:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/30/2011 2:53:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/30/2011 2:53:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/30/2011 2:52:39 AM, Error: EventLog [6008] - The previous system shutdown at 2:50:06 AM on 1/30/2011 was unexpected.
1/30/2011 2:42:32 AM, Error: EventLog [6008] - The previous system shutdown at 2:39:58 AM on 1/30/2011 was unexpected.
1/30/2011 12:34:15 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
1/30/2011 12:34:15 AM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/30/2011 11:42:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 68.224.243.17 for the Network Card with network address 00188B5F0F64 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/30/2011 11:02:37 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1398CE71-25F6-4148-8A23-1E230A49F49F} because another computer on the network has the same name. The server could not start.
1/29/2011 9:18:52 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00188B5F0F64 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/29/2011 8:05:56 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/29/2011 8:04:23 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/29/2011 7:28:34 PM, Error: EventLog [6008] - The previous system shutdown at 7:26:09 PM on 1/29/2011 was unexpected.
1/29/2011 6:24:18 PM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: mfefire. This service might not be installed.
1/29/2011 6:23:18 PM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: mfefire. This service might not be installed.
1/29/2011 11:43:29 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.97.22.0 Loading engine version: 1.1.6402.0
1/29/2011 11:42:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14351] - A media delivery engine with ID '0' was not initialized because the content provider's serial number could not be retrieved due to error '0x80010100'. In Windows Media Player, turn off media sharing, and then turn it back on. If the problem persists, reinstall Windows Media Player if possible.
1/29/2011 11:42:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80010100'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
1/29/2011 11:31:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
1/29/2011 10:14:53 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
1/29/2011 10:07:55 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00188B5F0F64. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
New logs

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 161):
0x82009000 \SystemRoot\system32\ntkrnlpa.exe
0x823C2000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x80409000 \SystemRoot\system32\PSHED.dll
0x8041A000 \SystemRoot\system32\BOOTVID.dll
0x80422000 \SystemRoot\system32\CLFS.SYS
0x80463000 \SystemRoot\system32\CI.dll
0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80606000 \SystemRoot\system32\drivers\acpi.sys
0x8064C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80655000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065D000 \SystemRoot\system32\drivers\pci.sys
0x80684000 \SystemRoot\System32\drivers\partmgr.sys
0x80693000 \SystemRoot\system32\drivers\volmgr.sys
0x806A2000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EC000 \SystemRoot\System32\drivers\mountmgr.sys
0x806FC000 \SystemRoot\system32\drivers\nvstor.sys
0x80709000 \SystemRoot\system32\drivers\storport.sys
0x8074A000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x80767000 \SystemRoot\system32\drivers\fltmgr.sys
0x80799000 \SystemRoot\system32\drivers\fileinfo.sys
0x82605000 \SystemRoot\system32\drivers\mfehidk.sys
0x82662000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x82678000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82681000 \SystemRoot\System32\Drivers\ksecdd.sys
0x826F2000 \SystemRoot\system32\drivers\ndis.sys
0x807A9000 \SystemRoot\system32\drivers\msrpc.sys
0x82C06000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C41000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82D51000 \SystemRoot\system32\drivers\volsnap.sys
0x82D8A000 \SystemRoot\System32\Drivers\spldr.sys
0x82D92000 \SystemRoot\System32\Drivers\mup.sys
0x82DA1000 \SystemRoot\System32\drivers\ecache.sys
0x82DC8000 \SystemRoot\system32\drivers\disk.sys
0x82DD9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807D4000 \SystemRoot\system32\drivers\crcdisk.sys
0x807F4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x805E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8C002000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8C207000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8C933000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C9D4000 \SystemRoot\System32\drivers\watchdog.sys
0x8C9E0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8C012000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C9EA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C9F9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8C050000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C200000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8C068000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8C079000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8C0C3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C0ED000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CE06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CEBA000 \SystemRoot\system32\drivers\modem.sys
0x8CEC7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CF54000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CF83000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CF8E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CFA5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CFB0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CFD3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CFE2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D00C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D021000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D031000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D03C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D047000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D049000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D053000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D060000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D095000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D0A6000 \SystemRoot\system32\drivers\HdAudio.sys
0x8D0E5000 \SystemRoot\system32\drivers\portcls.sys
0x8D112000 \SystemRoot\system32\drivers\drmk.sys
0x8D137000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D140000 \SystemRoot\System32\Drivers\Null.SYS
0x8D147000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D14E000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x8D15D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D164000 \SystemRoot\System32\drivers\vga.sys
0x8D170000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D191000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D199000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D1A1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D1AC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D1BA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D806000 \SystemRoot\System32\drivers\tcpip.sys
0x8D8F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D90B000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8D932000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D948000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D95C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D98E000 \SystemRoot\system32\drivers\afd.sys
0x8D9D6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D1C3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D9EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D9EE000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8D1DA000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8D1E4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D1ED000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D000000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D154000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C1F0000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x805F2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D800000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8DC00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DC13000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DC4F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DC59000 \??\C:\Windows\system32\drivers\elrawdsk.sys
0x8DC5D000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DC74000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8DC98000 \SystemRoot\system32\drivers\mfefirek.sys
0x8DCE3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8DCF9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DD06000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8DD10000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x94C50000 \SystemRoot\System32\win32k.sys
0x8DD2D000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DD37000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94E70000 \SystemRoot\System32\TSDDD.dll
0x94E90000 \SystemRoot\System32\cdd.dll
0x8DD46000 \SystemRoot\system32\drivers\luafv.sys
0x8DD61000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x8DD6C000 \SystemRoot\System32\DLA\DLADResM.SYS
0x8DD6D000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0x8DD85000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x8DD8A000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0x8DD8C000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0x8DD93000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x8DD9A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x8DDB0000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x98C06000 \SystemRoot\system32\drivers\spsys.sys
0x98CB6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x98CC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x98CD9000 \SystemRoot\system32\drivers\HTTP.sys
0x98D46000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98D63000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98D7C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x98D91000 \SystemRoot\system32\drivers\mrxdav.sys
0x98DB2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99E02000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99E3B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99E53000 \SystemRoot\System32\DRIVERS\srv2.sys
0x99E7B000 \SystemRoot\System32\DRIVERS\srv.sys
0x99EC9000 \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
0x99ECB000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0x99ECD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x99ED1000 \SystemRoot\system32\drivers\peauth.sys
0x99FAF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99FB9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x99FC5000 \SystemRoot\System32\Drivers\fastfat.SYS
0x99FED000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x98DD1000 \SystemRoot\system32\drivers\cfwids.sys
0x8DDCF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x805CC000 \??\C:\Users\Colin\AppData\Local\Temp\pglcqpod.sys
0x98DF3000 \??\C:\Users\Colin\AppData\Local\Temp\mbr.sys
0x98DDD000 \SystemRoot\system32\drivers\mfeapfk.sys
0x99FF5000 \SystemRoot\system32\drivers\mfebopk.sys
0x99E00000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0x779A0000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
496 C:\Windows\System32\smss.exe
636 csrss.exe
688 C:\Windows\System32\wininit.exe
700 csrss.exe
732 C:\Windows\System32\services.exe
764 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\winlogon.exe
944 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\Ati2evxx.exe
1240 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\audiodg.exe
1444 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\SLsvc.exe
1516 C:\Windows\System32\svchost.exe
1680 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\Ati2evxx.exe
1876 C:\Windows\System32\spoolsv.exe
1908 C:\Windows\System32\svchost.exe
364 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
512 C:\Program Files\Bonjour\mDNSResponder.exe
616 C:\Windows\System32\dlcicoms.exe
884 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
2004 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
600 C:\Windows\System32\mfevtps.exe
2124 C:\Windows\System32\svchost.exe
2140 C:\Windows\System32\rundll32.exe
2180 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2296 C:\Windows\System32\svchost.exe
2336 C:\Windows\System32\svchost.exe
2416 C:\Windows\System32\SearchIndexer.exe
2544 C:\Windows\System32\drivers\XAudio.exe
2564 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2604 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2744 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2996 C:\Windows\System32\dwm.exe
3044 C:\Windows\explorer.exe
3172 C:\Windows\System32\taskeng.exe
3544 C:\Windows\System32\alg.exe
3964 C:\Program Files\Windows Defender\MSASCui.exe
4016 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
4052 C:\Windows\WindowsMobile\wmdc.exe
2328 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3024 C:\Program Files\iTunes\iTunesHelper.exe
3100 C:\Program Files\McAfee.com\Agent\mcagent.exe
2808 C:\Program Files\DellSupport\DSAgnt.exe
2820 C:\Windows\ehome\ehtray.exe
3088 C:\Windows\ehome\ehmsas.exe
3844 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
4012 C:\Program Files\Windows Media Player\wmpnscfg.exe
3348 C:\Program Files\Digital Line Detect\DLG.exe
1536 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3672 C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
2892 C:\Windows\System32\svchost.exe
2112 C:\Program Files\Windows Media Player\wmpnetwk.exe
4232 C:\Windows\System32\mobsync.exe
5544 C:\Program Files\iPod\bin\iPodService.exe
5760 C:\Program Files\Dell Support Center\gs_agent\dsc.exe
4608 C:\Program Files\Common Files\McAfee\Core\mchost.exe
2740 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2116 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
5444 C:\Windows\System32\wbem\unsecapp.exe
5668 WmiPrvSE.exe
3116 C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
5472 C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
5436 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
1488 C:\Program Files\Internet Explorer\iexplore.exe
2800 C:\Program Files\Internet Explorer\iexplore.exe
5936 C:\Program Files\Internet Explorer\iexplore.exe
6032 C:\Program Files\Internet Explorer\iexplore.exe
4940 C:\Windows\System32\SearchProtocolHost.exe
2352 C:\Windows\System32\SearchFilterHost.exe
1572 dllhost.exe
2976 dllhost.exe
1100 C:\Users\Colin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200KS-75PFB0, Rev: 21.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

ComboFix 11-01-30.02 - Colin 01/30/2011 22:29:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1216 [GMT -8:00]
Running from: c:\users\Colin\Desktop\Colin.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\arp.exe

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
.

2011-01-31 06:39 . 2011-01-31 06:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-31 01:14 . 2011-01-31 01:14 -------- d-----w- c:\users\Colin\AppData\Roaming\Malwarebytes
2011-01-31 01:14 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 01:14 . 2011-01-31 01:14 -------- d-----w- c:\programdata\Malwarebytes
2011-01-31 01:14 . 2011-01-31 01:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 01:14 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 20:54 . 2011-01-30 20:54 -------- d-----w- c:\program files\Common Files\supportsoft
2011-01-30 08:47 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-30 08:47 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-30 08:47 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-30 08:47 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-30 08:47 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-30 08:47 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-30 08:47 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-30 08:47 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-30 08:47 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-30 08:47 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-30 08:47 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2011-01-30 08:47 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2011-01-30 08:46 . 2011-01-30 08:46 -------- d-----w- c:\program files\Feedback Tool
2011-01-30 08:01 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-30 08:01 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-30 08:01 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-30 08:01 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-30 08:01 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-30 08:01 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-30 08:01 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-30 07:53 . 2011-01-20 18:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E2D0802-350A-457D-A1D9-99725EBB5C53}\mpengine.dll
2011-01-30 04:47 . 2011-01-30 05:11 -------- d-----w- c:\programdata\PCDr
2011-01-30 04:47 . 2011-01-30 04:51 -------- d-----w- c:\users\Colin\AppData\Roaming\PCDr
2011-01-29 19:53 . 2011-01-29 19:53 -------- d-----w- c:\users\Colin\AppData\Local\Apps
2011-01-29 16:11 . 2011-01-29 18:08 -------- d-----w- c:\program files\iPod(74)
2011-01-29 16:11 . 2011-01-29 16:12 -------- d-----w- c:\program files\iTunes(75)
2011-01-29 07:50 . 2011-01-29 07:50 -------- d-----w- c:\users\Colin\AppData\Roaming\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 22:11 . 2010-12-28 22:11 6303217 ----a-w- c:\programdata\SPL1C27.tmp
2010-12-27 19:10 . 2010-12-27 19:10 6303217 ----a-w- c:\programdata\SPL94B.tmp
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-04 18:56 . 2010-12-15 18:05 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-15 18:05 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-15 18:05 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-15 18:05 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-15 18:05 171520 ----a-w- c:\windows\system32\taskeng.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-24 314224]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"FaxCenterServer"="c:\program files\Dell Fax Solutions\fm3032.exe" [2006-12-08 312200]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-4-2 802056]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-8 45056]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe [2006-12-08 537480]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-07 712048]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-07 712048]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 18:41]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 18:41]

2011-01-13 c:\windows\Tasks\Norton Security Scan for Colin.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-10 18:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\zcsdr9tb.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-MSC - c:\program files\McAfee\MSC\mcuihost.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-30 22:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\users\Colin\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,64,13,40,41,f5,ab,46,aa,c8,f1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,64,13,40,41,f5,ab,46,aa,c8,f1,\

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-30 22:42:32
ComboFix-quarantined-files.txt 2011-01-31 06:42

Pre-Run: 205,714,894,848 bytes free
Post-Run: 205,663,518,720 bytes free

- - End Of File - - B4EA5FE12CB497C1C68C1C04FEB2E106
 
Looks good now.

How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Redirect seems to be corrected, Thank You

OTL logfile created on: 1/31/2011 9:09:09 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Colin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 190.35 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.91 Gb Free Space | 59.07% Space Free | Partition Type: NTFS
Drive F: | 111.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COLIN-PC | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
PRC - [2010/11/22 18:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/04/02 13:44:58 | 000,802,056 | ---- | M] () -- C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/26 15:05:06 | 000,578,904 | ---- | M] () -- C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
PRC - [2009/05/21 09:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 17:16:54 | 000,712,048 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/12/07 21:17:44 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcicoms.exe
PRC - [2006/11/12 00:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/03 09:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/09/22 07:35:58 | 000,045,056 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/04/28 07:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0252851296457175mcinstcleanup) McAfee Application Installer Cleanup (0252851296457175)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/17 15:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/06 17:16:54 | 000,712,048 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/02/06 17:16:54 | 000,712,048 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/07 21:17:44 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcicoms.exe -- (dlci_device)
SRV - [2006/11/07 11:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/07 11:03:33 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/06/18 07:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/10/26 19:08:29 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/09/20 13:12:34 | 000,012,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/03/08 21:28:58 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/03/08 21:28:58 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/03/08 21:28:58 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/09 14:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\drvnddm.sys -- (DRVNDDM)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/12 09:52:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 23:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/24 20:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 13:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 09:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/04/09 21:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/31 00:51:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/30 22:57:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 23:25:40 | 000,000,000 | ---D | M]

[2011/01/29 23:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\zcsdr9tb.default\extensions
[2011/01/29 23:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\zcsdr9tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/31 00:51:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/10/30 09:44:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/01/30 22:39:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110130225740.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCICATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCItime.DLL ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 16:43:07 | 000,358,248 | R--- | M] (NETGEAR Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/05/17 09:22:36 | 000,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 09:07:24 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/01/30 23:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/01/30 22:57:47 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/01/30 22:57:37 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/01/30 22:57:33 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/01/30 22:57:33 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/01/30 22:57:33 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/01/30 22:57:33 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/01/30 22:57:33 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/01/30 22:57:33 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/01/30 22:57:33 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/01/30 22:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/01/30 22:55:08 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/01/30 22:42:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/30 22:23:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/30 22:23:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/30 22:23:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/30 22:22:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/30 20:04:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/30 17:14:45 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Malwarebytes
[2011/01/30 17:14:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/30 17:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/30 17:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/30 17:14:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/30 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/30 17:12:18 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Colin\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/30 16:53:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Colin\Desktop\TFC.exe
[2011/01/30 12:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/01/30 12:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2011/01/30 02:32:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/30 00:47:13 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/30 00:47:13 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/01/30 00:47:13 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/30 00:47:13 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/01/30 00:47:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/01/30 00:47:13 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/30 00:47:13 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/30 00:47:13 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/30 00:47:13 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/30 00:47:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/30 00:47:12 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/30 00:47:12 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/30 00:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011/01/30 00:01:14 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/30 00:01:08 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/01/29 20:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2011/01/29 20:47:09 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\PCDr
[2011/01/29 11:53:38 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Apps
[2011/01/29 08:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(74)
[2011/01/29 08:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(75)
[2011/01/28 23:50:16 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\McAfee
[2010/02/24 16:59:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCIhcp.dll
[2006/10/11 06:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcipmui.dll
[2006/10/11 05:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlciserv.dll
[2006/10/11 05:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcicomm.dll
[2006/10/11 05:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcilmpm.dll
[2006/10/11 05:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlciiesc.dll
[2006/10/11 05:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcipplc.dll
[2006/10/11 05:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcicomc.dll
[2006/10/11 05:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlciprox.dll
[2006/10/11 05:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlciinpa.dll
[2006/10/11 05:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlciusb1.dll
[2006/10/11 05:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcihbn3.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
 
[2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/01/31 08:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/31 08:21:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/31 08:21:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/30 23:07:00 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/01/30 22:39:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/30 22:22:32 | 004,262,903 | R--- | M] () -- C:\Users\Colin\Desktop\Colin.exe
[2011/01/30 22:21:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/30 22:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/30 22:06:45 | 211,017,710 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/30 21:59:01 | 000,720,344 | ---- | M] () -- C:\Users\Colin\Desktop\rkill.com
[2011/01/30 19:40:38 | 000,080,384 | ---- | M] () -- C:\Users\Colin\Desktop\MBRCheck.exe
[2011/01/30 18:09:56 | 000,624,128 | ---- | M] () -- C:\Users\Colin\Desktop\dds.scr
[2011/01/30 17:38:35 | 000,296,448 | ---- | M] () -- C:\Users\Colin\Desktop\9c9vk0mj.exe
[2011/01/30 17:14:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/30 17:12:29 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Colin\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/30 16:54:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\TFC.exe
[2011/01/30 12:08:04 | 000,005,889 | ---- | M] () -- C:\Users\Colin\Desktop\Router_Setup.html
[2011/01/30 00:48:48 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2011/01/30 00:28:56 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/30 00:28:55 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/28 23:19:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecC
[2011/01/28 23:19:54 | 000,000,152 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecCr
[2011/01/27 13:51:46 | 000,163,533 | ---- | M] () -- C:\Users\Colin\Documents\taxform.pdf
[2011/01/12 16:38:02 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Colin.job
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/30 23:01:51 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/01/30 22:23:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/30 22:23:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/30 22:23:44 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/30 22:23:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/30 22:23:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/30 22:10:49 | 004,262,903 | R--- | C] () -- C:\Users\Colin\Desktop\Colin.exe
[2011/01/30 21:58:56 | 000,720,344 | ---- | C] () -- C:\Users\Colin\Desktop\rkill.com
[2011/01/30 19:40:27 | 000,080,384 | ---- | C] () -- C:\Users\Colin\Desktop\MBRCheck.exe
[2011/01/30 18:09:37 | 000,624,128 | ---- | C] () -- C:\Users\Colin\Desktop\dds.scr
[2011/01/30 17:38:31 | 000,296,448 | ---- | C] () -- C:\Users\Colin\Desktop\9c9vk0mj.exe
[2011/01/30 17:14:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/30 09:06:32 | 211,017,710 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/30 00:45:49 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2011/01/29 21:25:50 | 000,000,172 | R--- | C] () -- C:\Users\Colin\Desktop\Router Login.url
[2011/01/29 21:25:49 | 000,005,889 | ---- | C] () -- C:\Users\Colin\Desktop\Router_Setup.html
[2011/01/28 23:19:54 | 000,000,152 | ---- | C] () -- C:\ProgramData\~nRqXEN39yecCr
[2011/01/28 23:19:54 | 000,000,040 | ---- | C] () -- C:\ProgramData\~nRqXEN39yecC
[2011/01/27 13:51:45 | 000,163,533 | ---- | C] () -- C:\Users\Colin\Documents\taxform.pdf
[2010/11/10 13:38:29 | 000,000,000 | ---- | C] () -- C:\Users\Colin\AppData\Local\AutobahnAcceleratorInstall.txt
[2010/02/24 16:59:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCIinst.dll
[2010/02/24 16:08:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2010/02/24 16:08:12 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/12/25 12:29:29 | 000,000,680 | ---- | C] () -- C:\Users\Colin\AppData\Local\d3d9caps.dat
[2009/09/16 21:47:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/07 19:15:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/04/07 19:11:57 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/09/06 12:41:33 | 000,938,328 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2008/09/06 12:39:03 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/09/04 17:24:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/04/05 09:32:45 | 000,001,750 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\autobahn.log
[2007/03/29 18:45:26 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/03/15 19:47:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/03/15 17:52:05 | 000,030,208 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/08 21:29:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/03/08 13:52:54 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/03/08 13:52:54 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2006/12/06 13:25:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlciinsr.dll
[2006/12/06 13:25:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcicur.dll
[2006/12/06 13:24:50 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlcijswr.dll
[2006/12/06 13:20:30 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlciinsb.dll
[2006/12/06 13:20:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcicub.dll
[2006/12/06 13:20:06 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcicu.dll
[2006/12/06 13:20:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlciins.dll
[2006/12/06 13:18:44 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlciutil.dll
[2006/11/07 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/07 00:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcicoin.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/01/08 21:56:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcicfg.dll
[2005/12/02 12:53:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcicnv4.dll
[2005/08/17 18:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcivs.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 05:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/01/30 22:42:32 | 000,016,552 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/03/08 21:29:15 | 000,005,281 | RH-- | M] () -- C:\dell.sdr
[2010/02/24 16:49:52 | 000,000,270 | ---- | M] () -- C:\dlci.log
[2007/03/15 17:01:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/03/15 17:01:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/30 22:21:22 | 2459,705,344 | -HS- | M] () -- C:\pagefile.sys
[2011/01/30 22:13:42 | 000,000,542 | ---- | M] () -- C:\rkill.log
[2010/02/24 16:09:29 | 000,000,172 | ---- | M] () -- C:\setupfax.log
[2007/03/08 14:01:01 | 000,000,070 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/24 16:04:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/20 00:31:42 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\dlciPP5C.DLL
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/21 14:43:09 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/17 11:33:04 | 000,000,286 | -HS- | M] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/30 17:38:35 | 000,296,448 | ---- | M] () -- C:\Users\Colin\Desktop\9c9vk0mj.exe
[2011/01/30 22:22:32 | 004,262,903 | R--- | M] () -- C:\Users\Colin\Desktop\Colin.exe
[2011/01/30 17:12:29 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Colin\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/30 19:40:38 | 000,080,384 | ---- | M] () -- C:\Users\Colin\Desktop\MBRCheck.exe
[2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/01/30 16:54:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/08/30 18:03:29 | 000,000,402 | -HS- | M] () -- C:\Users\Colin\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/29 08:18:35 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009/06/25 18:52:07 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/01/28 23:19:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecC
[2011/01/28 23:19:54 | 000,000,152 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecCr
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 00:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:20240A47

< End of report >
 
OTL Extras logfile created on: 1/31/2011 9:09:09 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Colin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 190.35 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.91 Gb Free Space | 59.07% Space Free | Partition Type: NTFS
Drive F: | 111.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COLIN-PC | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24C51CFA-70CD-45E1-87D0-9D2DB35A77E3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2BAF2ED0-A110-4176-A40C-0D6FDBA6F177}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3018F8CE-0A4A-4144-9B8E-7A036A77F75E}" = lport=137 | protocol=17 | dir=in | app=system |
"{39C16296-9768-48FA-AB35-44D84E2AE101}" = rport=138 | protocol=17 | dir=out | app=system |
"{3CFBDE63-F11B-4B56-8B28-07A972E32A00}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{41EF795A-0A6E-4947-8B4B-3CDAE5BBF1A5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{445FCEA8-C35E-4EB1-BDDA-803F01D454B5}" = lport=139 | protocol=6 | dir=in | app=system |
"{4810CEBB-3B0F-4ED5-B40A-A225086FBC39}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5E1BFB01-25AE-47D5-AEEB-7219A55EE3ED}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{71F6197F-B634-4B4D-BF2C-00C4F56407FC}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{805D2F9F-C7FB-4CF2-950D-ED339A409CF4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{806051DC-2132-41E2-8DE1-5B0ABF2FF53A}" = lport=138 | protocol=17 | dir=in | app=system |
"{879CABEF-4F24-4D29-9313-A60E11016269}" = lport=445 | protocol=6 | dir=in | app=system |
"{89C36931-D750-453B-A923-EE8771B49041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9525123C-F7CE-498A-8F96-11BC5E78C799}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2384FE4-2E81-44DB-85C3-250EC44EDDD6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A4E94E88-3A3E-4643-8475-217CCE58BD43}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6381191-D3D0-4B30-828B-54BB3E48912C}" = rport=139 | protocol=6 | dir=out | app=system |
"{B7C71437-CDED-44D9-996E-EEE0C68C6EB8}" = rport=445 | protocol=6 | dir=out | app=system |
"{B9D6415D-4C46-4A67-976D-40C13BE18F96}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C66FBB7E-3F48-4FDD-A907-D572B21BE842}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CEA2BFB7-A8AB-445C-BAE8-C142066E13BB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{DC627804-BB1E-43D0-A9B9-A1C8EE24AD6D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E1B94788-C50C-4CFA-A83C-A0BBF121906B}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF85C708-831C-4BEF-A3D8-C4C54E950D63}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A3AACB-6B21-446D-915A-00550004C1ED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0698DF37-DE62-45A0-BC06-8A31B08AF625}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{09F1F36E-63DE-4911-A9FC-10FB9DA6712C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1E148A43-8505-45BC-A152-3A134D752E92}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{446903A4-F62C-4EA2-B7E4-56C3A79A58F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{455110C2-74D7-429E-B7EB-82436DA5ECEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{546388F3-E184-4A58-8277-88D9C644D46A}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{5C797472-CDF9-4B21-A3FD-05F469295559}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5EE731F7-6F84-4C95-8F1F-E1760AB242E7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{66D6C0FD-570A-41F9-BAFD-05626E33A657}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 946\dlcimon.exe |
"{80CE0C08-155C-47F6-AA7B-27BC462646CA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{859B8B63-1E1F-4697-95F8-2A40FFD3EB2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8753A4C0-EEC9-4C36-9870-8955F6D665B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8BBD2C47-6B04-4B64-B531-E7A6C4FFEC03}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{95A41D8B-3796-444B-B561-7BF343294A3D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9D3582B6-3F06-453F-9C5F-DDE72992C8CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A58B2DFD-D1B9-4D43-BB27-19E846C0127B}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A98EC886-D67D-4A4F-B832-0709DD5B03D2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcipswx.exe |
"{B26526CF-A794-4D28-8AF5-BAF92A0410C0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B3025FE1-426B-4DF8-8223-11D2FFD4CF24}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B3970768-B450-4DB3-A128-891FC6033A5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B95C196C-1E0D-4024-8A6E-37FB300DEE66}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcipswx.exe |
"{BD71CE34-7A43-4E53-8A23-25594121CAAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D169B90C-C676-41E8-8B6E-16B3E15755C1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D3CD77AA-D300-4401-8549-8D9352A43F12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D4BDB2BF-FE1C-4A7F-9D0F-EA6034959360}" = protocol=17 | dir=in | app=c:\windows\system32\dlcicoms.exe |
"{D4CE58A0-C153-4180-A53D-C66C95CE3F0A}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 946\dlciaiox.exe |
"{D9BFCD6A-B55E-468E-84C8-3A452C199AB2}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 946\dlciaiox.exe |
"{DB59D245-4992-4F89-90E3-0D49C1570170}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 946\dlcimon.exe |
"{DDD2239E-A4D6-4555-BB93-ADC8BF264E9C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE117989-2B7A-4FBA-A4B1-159083E5EB5C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E1C876A8-3CA0-4EAC-A6F0-4067A5C6BE26}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E62B99F5-ED86-45BE-B1C5-A0F6260E23E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB6C4DCD-6E72-49AC-837C-F49CB5CB9531}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{EF3C1EF9-418F-448F-ACB0-611ED2DA3534}" = protocol=6 | dir=in | app=c:\windows\system32\dlcicoms.exe |
"{F1C29029-7C4A-4B62-AD68-F59F6D25DCC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA1DF9E7-ADFF-4022-B71A-382101BE04A0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"TCP Query User{1769779F-70B5-498D-ADC3-0C22B652E1F2}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=6 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
"TCP Query User{1C177B3E-7AEF-45DC-8940-4D31A1A2BAD8}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{67F5FC81-ECA1-4B37-856E-EAC18141D2C5}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe |
"TCP Query User{6F8D7B2F-20C5-4854-8F3D-83D4B9F677F0}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{9B2283A8-C119-4BE7-B1E6-BC25ADC9B73B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A379C340-4D4B-48B6-9934-43E3FF6BB4A4}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=6 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
"TCP Query User{D15EE358-2C62-44FE-9077-F06864CCB141}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{1F2B1D6C-6FB9-4103-BE41-34872ED6745C}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{34009A3F-EBE1-4A78-9D50-5F36FF344ABA}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=17 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
"UDP Query User{34F92CE2-D483-41E8-841B-82B9B016A635}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3D1478B8-27F6-47D9-B592-CCFA7E0045D6}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=17 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
"UDP Query User{5B4E719B-ABFC-4345-80BD-8EB807B3AAC7}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{7FFA62BF-C1D4-41CD-8E59-318726532B87}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{BD1ADDDC-5D37-47B5-8DFA-3A9FDF6D8D08}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25E81740-CA17-489E-A8B6-54319A1C4D41}}_is1" = Dell PC TuneUp
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71C27D05-DFB4-4585-919E-631379695D72}" = Samsung PC Studio 3
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91534B49-11A8-465F-9721-3D1A4C59AB6A}" = Destinator Resource Installer NA
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}" = ATI Catalyst Control Center Ex
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell AIO Printer 946" = Dell AIO Printer 946
"Dell Fax Solutions" = Dell PC Fax
"Destinator Console" = Destinator Console
"Disney Toontown Online" = Disney Toontown Online
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"IrfanView" = IrfanView (remove only)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSC" = McAfee SecurityCenter
"NSS" = Norton Security Scan
"Rhapsody" = Rhapsody
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"UnityWebPlayer" = Unity Web Player
"WildTangent dell Master Uninstall" = Dell Games
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2008 6:23:28 PM | Computer Name = Colin-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 8/30/2008 6:30:39 PM | Computer Name = Colin-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 8/30/2008 6:39:59 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lex Talus
Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2008 6:40:17 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lex Talus
Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2008 6:40:28 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lex Talus
Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2008 6:41:09 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lex Talus
Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2008 6:41:26 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lex Talus
Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2008 6:41:40 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lex Talus
Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2008 6:42:24 PM | Computer Name = Colin-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 8/30/2008 6:44:50 PM | Computer Name = Colin-PC | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 5/22/2008 7:22:22 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/24/2008 12:17:07 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 3:01:16 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 10:53:47 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/11/2008 5:32:44 PM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/7/2008 5:41:13 PM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/17/2008 5:50:34 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/18/2008 5:49:37 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/26/2009 5:31:20 PM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/31/2011 2:28:05 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/31/2011 2:28:55 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/31/2011 2:28:55 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/31/2011 2:28:55 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/31/2011 2:39:23 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/31/2011 2:55:07 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/31/2011 2:55:07 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/31/2011 2:57:16 AM | Computer Name = Colin-PC | Source = DCOM | ID = 10005
Description =

Error - 1/31/2011 2:57:16 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/31/2011 2:57:16 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
 
Good news :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011/01/28 23:19:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecC
[2011/01/28 23:19:54 | 000,000,152 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecCr
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:20240A47


:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" =-

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Security Scan Plus
McAfee SecurityCenter
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
iolo common lib ioloServiceManager.exe
``````````End of Log````````````


C:\Users\Colin\AppData\Roaming\Dell\Installers\PCTuneUp2.exe probably unknown NewHeur_PE virus
 
You posted wrong OTL log.
I assume, you clicked on "Scan" button, instead of "Fix" button.
Please, redo.
 
Sorry posted the wrong log. This should be the correct one.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) not found.
File C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File delete failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be deleted on reboot.
File C:\ProgramData\~nRqXEN39yecC not found.
File C:\ProgramData\~nRqXEN39yecCr not found.
Unable to delete ADS C:\ProgramData\TEMP:20240A47 .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\DisableMonitoring not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Colin
->Temp folder emptied: 366112 bytes
->Temporary Internet Files folder emptied: 5252127 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1116 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 496296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262588 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Colin
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01312011_143109

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be moved on reboot.
File\Folder C:\Users\Colin\AppData\Local\Temp\~DF8DEE.tmp not found!
File\Folder C:\Users\Colin\AppData\Local\Temp\~WRS0000.tmp not found!
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0R57MA0\sh30[1].html moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RTDRIBPN\topic160485[1].html moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\072IHYG6\adServer[1].htm moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\072IHYG6\crosspixel-dest[1].htm moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\fb_1596.lck not found!

Registry entries deleted on Reboot...
 
Uninstall Java(TM) SE Runtime Environment 6.

Update Firefox to the newest 3.6.13 version.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL

:Services

:Reg

:Files
C:\Users\Colin\AppData\Roaming\Dell\Installers\PCTuneUp2.exe

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Colin\AppData\Roaming\Dell\Installers\PCTuneUp2.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Colin
->Temp folder emptied: 400495 bytes
->Temporary Internet Files folder emptied: 24141842 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3859158 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 496296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262588 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28.00 mb


[EMPTYFLASH]

User: All Users

User: Colin
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01312011_154049

Files\Folders moved on Reboot...
File\Folder C:\Users\Colin\AppData\Local\Temp\~DFC11.tmp not found!
File\Folder C:\Users\Colin\AppData\Local\Temp\~WRS0000.tmp not found!
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K0UT686\sh30[1].html moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YVLY54H\ads[2].htm moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YVLY54H\crosspixel-dest[1].htm moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4375INKF\topic160485[1].html moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\fb_2020.lck not found!

Registry entries deleted on Reboot...
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Colin
->Temp folder emptied: 431895 bytes
->Temporary Internet Files folder emptied: 3904591 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 496296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262588 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: All Users

User: Colin
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.20.6 log created on 01312011_155116

Files\Folders moved on Reboot...
File\Folder C:\Users\Colin\AppData\Local\Temp\Low\hsperfdata_Colin\2864 not found!
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PKEM8XXA\ads[1].htm moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AIHLR6LP\topic160485[2].html moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\85YM4M03\crosspixel-dest[1].htm moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2QJ5HXF8\sh30[1].html moved successfully.
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\fb_2040.lck not found!

Registry entries deleted on Reboot...
 
I don't know if this has anything to do with what we just did, but I am now getting a error that says IM32FAX.DiL not found. any suggestions?
 
It looks like some Lexmark file. Fax?

If you have any Lexmark device, you may want to reinstall it.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
825
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back