TechSpot

Redirect issues

By Astros10
Jan 30, 2011
  1. I have some redirct issues I'm hoping someone can help with. Here are the logs needed. I hope they are correct. Thank you very much for the help. Please let me know if this info is correct

    Malwarebytes Anti-Malware log
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5643

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    1/30/2011 5:25:39 PM
    mbam-log-2011-01-30 (17-25-39).txt

    Scan type: Quick scan
    Objects scanned: 154250
    Time elapsed: 7 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F158A1E-A687-4A11-9679-B3AC64B86A1C} (Adware.Seekmo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BA4271E-5C1E-48E2-B432-D8BF420DD31D} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3ED5288-F558-4F6E-8D5C-740CB6F89029} (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    c:\programdata\76669438 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)

    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-30 17:58:32
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000078 WDC_WD32 rev.21.0
    Running: 9c9vk0mj.exe; Driver: C:\Users\Colin\AppData\Local\Temp\pglcqpod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x826380B8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x826380E2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x826380CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x826380A4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:256] 866DF898
    Thread System [4:260] 866E18BD

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Colin at 18:28:23.71 on Sun 01/30/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1121 [GMT -8:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dlcicoms.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Colin\Desktop\dds.scr
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    ============== Pseudo HJT Report ===============

    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110129235939.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.shockwave.com/gamelanding/open-wheel-grand-prix.jsp"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [<NO NAME>]
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Dell PC TuneUp Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [FaxCenterServer] "c:\program files\dell fax solutions\fm3032.exe" /s
    mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\colin\appdata\roaming\micros~1\windows\startm~1\programs\startup\mlbtvn~1.lnk - c:\users\colin\appdata\local\autobahn\mlb-nexdef-autobahn.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\colin\appdata\roaming\mozilla\firefox\profiles\zcsdr9tb.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-29 386840]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-9-6 12800]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-29 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-29 164840]
    R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-6 712048]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-6 712048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-4 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-29 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-29 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-29 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-29 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-30 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-29 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-29 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-29 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-29 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-29 313288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 135664]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-29 84264]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2011-01-31 01:14:45 -------- d-----w- c:\users\colin\appdata\roaming\Malwarebytes
    2011-01-31 01:14:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-31 01:14:31 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-31 01:14:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-31 01:14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-30 20:54:28 -------- d-----w- c:\program files\common files\supportsoft
    2011-01-30 08:47:13 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-30 08:47:13 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-30 08:47:13 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-30 08:47:13 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-30 08:47:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-30 08:47:13 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-30 08:47:13 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-30 08:47:13 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-30 08:47:13 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-30 08:47:13 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-30 08:47:12 680960 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-30 08:47:12 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-30 08:46:22 -------- d-----w- c:\program files\Feedback Tool
    2011-01-30 08:01:14 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-30 08:01:14 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-30 08:01:14 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-30 08:01:14 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-30 08:01:14 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-30 08:01:14 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-30 08:01:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-30 07:59:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2011-01-30 07:59:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-01-30 07:55:15 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-01-30 07:54:46 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-01-30 07:54:46 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-01-30 07:54:45 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-01-30 07:54:44 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-01-30 07:54:44 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-01-30 07:54:43 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-01-30 07:54:42 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-01-30 07:54:42 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-01-30 07:54:41 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-01-30 07:53:02 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2e2d0802-350a-457d-a1d9-99725ebb5c53}\mpengine.dll
    2011-01-30 04:47:22 -------- d-----w- c:\progra~2\PCDr
    2011-01-30 04:47:09 -------- d-----w- c:\users\colin\appdata\roaming\PCDr
    2011-01-29 19:53:38 -------- d-----w- c:\users\colin\appdata\local\Apps
    2011-01-29 16:11:37 -------- d-----w- c:\program files\iPod(74)
    2011-01-29 16:11:34 -------- d-----w- c:\program files\iTunes(75)
    2011-01-29 07:50:16 -------- d-----w- c:\users\colin\appdata\roaming\McAfee

    ==================== Find3M ====================

    2010-12-28 22:11:23 6303217 ----a-w- c:\progra~2\SPL1C27.tmp
    2010-12-27 19:10:50 6303217 ----a-w- c:\progra~2\SPL94B.tmp
    2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

    ============= FINISH: 18:35:25.09 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/8/2007 1:33:56 PM
    System Uptime: 1/30/2011 5:52:12 PM (1 hours ago)

    Motherboard: Dell Inc | | 0UW457
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2000/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 191.54 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.907 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP2925: 1/17/2011 7:38:04 PM - Scheduled Checkpoint
    RP2927: 1/18/2011 1:26:10 AM - Windows Update
    RP2929: 1/19/2011 12:00:08 AM - Scheduled Checkpoint
    RP2931: 1/20/2011 12:00:08 AM - Scheduled Checkpoint
    RP2933: 1/20/2011 10:51:06 PM - Windows Update
    RP2935: 1/22/2011 12:00:09 AM - Scheduled Checkpoint
    RP2937: 1/22/2011 5:34:16 AM - Device Driver Package Install: McAfee, Inc. Network Service
    RP2939: 1/22/2011 6:10:06 PM - Scheduled Checkpoint
    RP2941: 1/24/2011 12:00:04 AM - Scheduled Checkpoint
    RP2943: 1/25/2011 12:00:07 AM - Scheduled Checkpoint
    RP2945: 1/25/2011 2:19:57 PM - Scheduled Checkpoint
    RP2947: 1/27/2011 12:00:06 AM - Scheduled Checkpoint
    RP2949: 1/28/2011 12:00:05 AM - Scheduled Checkpoint
    RP2950: 1/28/2011 11:32:56 PM - 1/28/2001 10:30:00 PM
    RP2951: 1/28/2011 11:35:23 PM - Restore Operation
    RP2953: 1/29/2011 8:04:57 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    RP2955: 1/29/2011 8:05:31 AM - Device Driver Package Install: Apple Network adapters
    RP2956: 1/29/2011 10:00:42 AM - 1/26/2011 6:00:00 AM
    RP2957: 1/29/2011 10:01:56 AM - Restore Operation
    RP2958: 1/29/2011 12:44:07 PM - Restore Operation
    RP2960: 1/29/2011 1:21:11 PM - Windows Update
    RP2962: 1/29/2011 1:23:09 PM - Device Driver Package Install: McAfee, Inc. Network Service
    RP2964: 1/29/2011 6:32:37 PM - Device Driver Package Install: McAfee, Inc. Network Service
    RP2966: 1/29/2011 8:52:33 PM - Installed Dell Support Center
    RP2967: 1/29/2011 11:14:13 PM - Restore Operation
    RP2969: 1/29/2011 11:52:34 PM - Windows Update
    RP2971: 1/30/2011 12:00:27 AM - Device Driver Package Install: McAfee, Inc. Network Service
    RP2973: 1/30/2011 12:02:49 AM - Windows Update
    RP2975: 1/30/2011 12:46:54 AM - Windows Update
    RP2977: 1/30/2011 12:49:13 AM - Windows Update
    RP2979: 1/30/2011 1:57:36 AM - Windows Modules Installer
    RP2981: 1/30/2011 12:52:35 PM - Removed Dell Support Center (Support Software).
    RP2983: 1/30/2011 12:55:21 PM - Removed Dell Support Center (Support Software).

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center Ex
    Bonjour
    CCScore
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    Consumer Complete Care Services Agreement
    Coupon Printer for Windows
    Dell AIO Printer 946
    Dell Games
    Dell PC Fax
    Dell PC TuneUp
    Dell Support Center (Support Software)
    Dell System Customization Wizard
    DellSupport
    Destinator Console
    Destinator Resource Installer NA
    Digital Line Detect
    Disney Toontown Online
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Feedback Tool
    fflink
    Games, Music, & Photos Launcher
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IrfanView (remove only)
    iTunes
    Java(TM) SE Runtime Environment 6
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft Works
    MobileMe Control Panel
    Modem Diagnostic Tool
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    NetWaiting
    Norton Security Scan
    Notifier
    OfotoXMI
    OGA Notifier 2.0.0048.0
    Qualxserve Service Agreement
    QuickTime
    Rhapsody
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Safari
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    SFR
    SHASTA
    SigmaTel Audio
    SKIN0001
    SKINXSDK
    Sonic Activation Module
    staticcr
    tooltips
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    User's Guides
    VPRINTOL
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    Windows Mobile® Device Handbook
    WIRELESS
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    1/30/2011 9:06:42 AM, Error: EventLog [6008] - The previous system shutdown at 9:05:09 AM on 1/30/2011 was unexpected.
    1/30/2011 5:54:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    1/30/2011 5:54:03 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    1/30/2011 5:52:37 PM, Error: EventLog [6008] - The previous system shutdown at 5:43:35 PM on 1/30/2011 was unexpected.
    1/30/2011 5:09:33 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 5:07:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00188B5F0F64 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/30/2011 4:58:35 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
    1/30/2011 3:11:34 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/30/2011 3:09:04 AM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
    1/30/2011 2:56:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    1/30/2011 2:56:08 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:54:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr StarOpen Tcpip tdx Wanarpv6
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:53 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 2:53:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/30/2011 2:53:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/30/2011 2:53:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/30/2011 2:53:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/30/2011 2:53:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/30/2011 2:53:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/30/2011 2:52:39 AM, Error: EventLog [6008] - The previous system shutdown at 2:50:06 AM on 1/30/2011 was unexpected.
    1/30/2011 2:42:32 AM, Error: EventLog [6008] - The previous system shutdown at 2:39:58 AM on 1/30/2011 was unexpected.
    1/30/2011 12:34:15 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    1/30/2011 12:34:15 AM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/30/2011 11:42:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 68.224.243.17 for the Network Card with network address 00188B5F0F64 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/30/2011 11:02:37 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1398CE71-25F6-4148-8A23-1E230A49F49F} because another computer on the network has the same name. The server could not start.
    1/29/2011 9:18:52 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00188B5F0F64 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/29/2011 8:05:56 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 8:04:23 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2011 7:28:34 PM, Error: EventLog [6008] - The previous system shutdown at 7:26:09 PM on 1/29/2011 was unexpected.
    1/29/2011 6:24:18 PM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: mfefire. This service might not be installed.
    1/29/2011 6:23:18 PM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: mfefire. This service might not be installed.
    1/29/2011 11:43:29 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.97.22.0 Loading engine version: 1.1.6402.0
    1/29/2011 11:42:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14351] - A media delivery engine with ID '0' was not initialized because the content provider's serial number could not be retrieved due to error '0x80010100'. In Windows Media Player, turn off media sharing, and then turn it back on. If the problem persists, reinstall Windows Media Player if possible.
    1/29/2011 11:42:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80010100'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    1/29/2011 11:31:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    1/29/2011 10:14:53 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
    1/29/2011 10:07:55 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00188B5F0F64. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Astros10

    Astros10 TS Rookie Topic Starter

    New logs

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 161):
    0x82009000 \SystemRoot\system32\ntkrnlpa.exe
    0x823C2000 \SystemRoot\system32\hal.dll
    0x80402000 \SystemRoot\system32\kdcom.dll
    0x80409000 \SystemRoot\system32\PSHED.dll
    0x8041A000 \SystemRoot\system32\BOOTVID.dll
    0x80422000 \SystemRoot\system32\CLFS.SYS
    0x80463000 \SystemRoot\system32\CI.dll
    0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80606000 \SystemRoot\system32\drivers\acpi.sys
    0x8064C000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80655000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8065D000 \SystemRoot\system32\drivers\pci.sys
    0x80684000 \SystemRoot\System32\drivers\partmgr.sys
    0x80693000 \SystemRoot\system32\drivers\volmgr.sys
    0x806A2000 \SystemRoot\System32\drivers\volmgrx.sys
    0x806EC000 \SystemRoot\System32\drivers\mountmgr.sys
    0x806FC000 \SystemRoot\system32\drivers\nvstor.sys
    0x80709000 \SystemRoot\system32\drivers\storport.sys
    0x8074A000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x80767000 \SystemRoot\system32\drivers\fltmgr.sys
    0x80799000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82605000 \SystemRoot\system32\drivers\mfehidk.sys
    0x82662000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
    0x82678000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82681000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x826F2000 \SystemRoot\system32\drivers\ndis.sys
    0x807A9000 \SystemRoot\system32\drivers\msrpc.sys
    0x82C06000 \SystemRoot\system32\drivers\NETIO.SYS
    0x82C41000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x82D51000 \SystemRoot\system32\drivers\volsnap.sys
    0x82D8A000 \SystemRoot\System32\Drivers\spldr.sys
    0x82D92000 \SystemRoot\System32\Drivers\mup.sys
    0x82DA1000 \SystemRoot\System32\drivers\ecache.sys
    0x82DC8000 \SystemRoot\system32\drivers\disk.sys
    0x82DD9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807D4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x807F4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x805E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8C002000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x8C207000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8C933000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C9D4000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C9E0000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8C012000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8C9EA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C9F9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0x8C050000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8C200000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8C068000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0x8C079000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    0x8C0C3000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8C0ED000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8CE06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8CEBA000 \SystemRoot\system32\drivers\modem.sys
    0x8CEC7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8CF54000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8CF83000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8CF8E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8CFA5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8CFB0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8CFD3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8CFE2000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8D00C000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8D021000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8D031000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8D03C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8D047000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8D049000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8D053000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8D060000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8D095000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8D0A6000 \SystemRoot\system32\drivers\HdAudio.sys
    0x8D0E5000 \SystemRoot\system32\drivers\portcls.sys
    0x8D112000 \SystemRoot\system32\drivers\drmk.sys
    0x8D137000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8D140000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D147000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D14E000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0x8D15D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8D164000 \SystemRoot\System32\drivers\vga.sys
    0x8D170000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8D191000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D199000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D1A1000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D1AC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8D1BA000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8D806000 \SystemRoot\System32\drivers\tcpip.sys
    0x8D8F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8D90B000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x8D932000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8D948000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8D95C000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8D98E000 \SystemRoot\system32\drivers\afd.sys
    0x8D9D6000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D1C3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8D9EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8D9EE000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x8D1DA000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x8D1E4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8D1ED000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8D000000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8D154000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8C1F0000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x805F2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8D800000 \SystemRoot\System32\Drivers\StarOpen.SYS
    0x8DC00000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8DC13000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DC4F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DC59000 \??\C:\Windows\system32\drivers\elrawdsk.sys
    0x8DC5D000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8DC74000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x8DC98000 \SystemRoot\system32\drivers\mfefirek.sys
    0x8DCE3000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x8DCF9000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8DD06000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8DD10000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x94C50000 \SystemRoot\System32\win32k.sys
    0x8DD2D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8DD37000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94E70000 \SystemRoot\System32\TSDDD.dll
    0x94E90000 \SystemRoot\System32\cdd.dll
    0x8DD46000 \SystemRoot\system32\drivers\luafv.sys
    0x8DD61000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0x8DD6C000 \SystemRoot\System32\DLA\DLADResM.SYS
    0x8DD6D000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0x8DD85000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0x8DD8A000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0x8DD8C000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0x8DD93000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0x8DD9A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0x8DDB0000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0x98C06000 \SystemRoot\system32\drivers\spsys.sys
    0x98CB6000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x98CC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x98CD9000 \SystemRoot\system32\drivers\HTTP.sys
    0x98D46000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x98D63000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x98D7C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x98D91000 \SystemRoot\system32\drivers\mrxdav.sys
    0x98DB2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x99E02000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x99E3B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x99E53000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x99E7B000 \SystemRoot\System32\DRIVERS\srv.sys
    0x99EC9000 \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
    0x99ECB000 \SystemRoot\System32\Drivers\MCSTRM.SYS
    0x99ECD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x99ED1000 \SystemRoot\system32\drivers\peauth.sys
    0x99FAF000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x99FB9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x99FC5000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x99FED000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x98DD1000 \SystemRoot\system32\drivers\cfwids.sys
    0x8DDCF000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x805CC000 \??\C:\Users\Colin\AppData\Local\Temp\pglcqpod.sys
    0x98DF3000 \??\C:\Users\Colin\AppData\Local\Temp\mbr.sys
    0x98DDD000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x99FF5000 \SystemRoot\system32\drivers\mfebopk.sys
    0x99E00000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    0x779A0000 \Windows\System32\ntdll.dll

    Processes (total 81):
    0 System Idle Process
    4 System
    496 C:\Windows\System32\smss.exe
    636 csrss.exe
    688 C:\Windows\System32\wininit.exe
    700 csrss.exe
    732 C:\Windows\System32\services.exe
    764 C:\Windows\System32\lsass.exe
    776 C:\Windows\System32\lsm.exe
    800 C:\Windows\System32\winlogon.exe
    944 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\Ati2evxx.exe
    1240 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\audiodg.exe
    1444 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\SLsvc.exe
    1516 C:\Windows\System32\svchost.exe
    1680 C:\Windows\System32\svchost.exe
    1812 C:\Windows\System32\Ati2evxx.exe
    1876 C:\Windows\System32\spoolsv.exe
    1908 C:\Windows\System32\svchost.exe
    364 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    512 C:\Program Files\Bonjour\mDNSResponder.exe
    616 C:\Windows\System32\dlcicoms.exe
    884 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    2004 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    600 C:\Windows\System32\mfevtps.exe
    2124 C:\Windows\System32\svchost.exe
    2140 C:\Windows\System32\rundll32.exe
    2180 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2296 C:\Windows\System32\svchost.exe
    2336 C:\Windows\System32\svchost.exe
    2416 C:\Windows\System32\SearchIndexer.exe
    2544 C:\Windows\System32\drivers\XAudio.exe
    2564 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2604 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2744 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2996 C:\Windows\System32\dwm.exe
    3044 C:\Windows\explorer.exe
    3172 C:\Windows\System32\taskeng.exe
    3544 C:\Windows\System32\alg.exe
    3964 C:\Program Files\Windows Defender\MSASCui.exe
    4016 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    4052 C:\Windows\WindowsMobile\wmdc.exe
    2328 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    3024 C:\Program Files\iTunes\iTunesHelper.exe
    3100 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2808 C:\Program Files\DellSupport\DSAgnt.exe
    2820 C:\Windows\ehome\ehtray.exe
    3088 C:\Windows\ehome\ehmsas.exe
    3844 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    4012 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3348 C:\Program Files\Digital Line Detect\DLG.exe
    1536 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3672 C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    2892 C:\Windows\System32\svchost.exe
    2112 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4232 C:\Windows\System32\mobsync.exe
    5544 C:\Program Files\iPod\bin\iPodService.exe
    5760 C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    4608 C:\Program Files\Common Files\McAfee\Core\mchost.exe
    2740 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    2116 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    5444 C:\Windows\System32\wbem\unsecapp.exe
    5668 WmiPrvSE.exe
    3116 C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    5472 C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    5436 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    1488 C:\Program Files\Internet Explorer\iexplore.exe
    2800 C:\Program Files\Internet Explorer\iexplore.exe
    5936 C:\Program Files\Internet Explorer\iexplore.exe
    6032 C:\Program Files\Internet Explorer\iexplore.exe
    4940 C:\Windows\System32\SearchProtocolHost.exe
    2352 C:\Windows\System32\SearchFilterHost.exe
    1572 dllhost.exe
    2976 dllhost.exe
    1100 C:\Users\Colin\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

    PhysicalDrive0 Model Number: WDC WD3200KS-75PFB0, Rev: 21.0

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    ComboFix 11-01-30.02 - Colin 01/30/2011 22:29:16.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1216 [GMT -8:00]
    Running from: c:\users\Colin\Desktop\Colin.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\arp.exe

    ----- BITS: Possible infected sites -----

    hxxp://updates.swarmcast.net
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
    .

    2011-01-31 06:39 . 2011-01-31 06:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-31 01:14 . 2011-01-31 01:14 -------- d-----w- c:\users\Colin\AppData\Roaming\Malwarebytes
    2011-01-31 01:14 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-31 01:14 . 2011-01-31 01:14 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-31 01:14 . 2011-01-31 01:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-31 01:14 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-30 20:54 . 2011-01-30 20:54 -------- d-----w- c:\program files\Common Files\supportsoft
    2011-01-30 08:47 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-30 08:47 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-30 08:47 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-30 08:47 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-30 08:47 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-30 08:47 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-30 08:47 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-30 08:47 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-30 08:47 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-30 08:47 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-30 08:47 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-30 08:47 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-30 08:46 . 2011-01-30 08:46 -------- d-----w- c:\program files\Feedback Tool
    2011-01-30 08:01 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-30 08:01 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-30 08:01 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-30 08:01 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-30 08:01 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-30 08:01 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-30 08:01 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-30 07:53 . 2011-01-20 18:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E2D0802-350A-457D-A1D9-99725EBB5C53}\mpengine.dll
    2011-01-30 04:47 . 2011-01-30 05:11 -------- d-----w- c:\programdata\PCDr
    2011-01-30 04:47 . 2011-01-30 04:51 -------- d-----w- c:\users\Colin\AppData\Roaming\PCDr
    2011-01-29 19:53 . 2011-01-29 19:53 -------- d-----w- c:\users\Colin\AppData\Local\Apps
    2011-01-29 16:11 . 2011-01-29 18:08 -------- d-----w- c:\program files\iPod(74)
    2011-01-29 16:11 . 2011-01-29 16:12 -------- d-----w- c:\program files\iTunes(75)
    2011-01-29 07:50 . 2011-01-29 07:50 -------- d-----w- c:\users\Colin\AppData\Roaming\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-28 22:11 . 2010-12-28 22:11 6303217 ----a-w- c:\programdata\SPL1C27.tmp
    2010-12-27 19:10 . 2010-12-27 19:10 6303217 ----a-w- c:\programdata\SPL94B.tmp
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-04 18:56 . 2010-12-15 18:05 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-15 18:05 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-15 18:05 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-15 18:05 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-15 18:05 171520 ----a-w- c:\windows\system32\taskeng.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-24 314224]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
    "FaxCenterServer"="c:\program files\Dell Fax Solutions\fm3032.exe" [2006-12-08 312200]
    "DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MLB.TV NexDef Plug-in.lnk - c:\users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-4-2 802056]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-8 45056]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 135664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
    S2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe [2006-12-08 537480]
    S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-07 712048]
    S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-07 712048]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 18:41]

    2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 18:41]

    2011-01-13 c:\windows\Tasks\Norton Security Scan for Colin.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-10 18:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\zcsdr9tb.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    AddRemove-MSC - c:\program files\McAfee\MSC\mcuihost.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-30 22:39
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...


    c:\users\Colin\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,64,13,40,41,f5,ab,46,aa,c8,f1,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,64,13,40,41,f5,ab,46,aa,c8,f1,\

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-30 22:42:32
    ComboFix-quarantined-files.txt 2011-01-31 06:42

    Pre-Run: 205,714,894,848 bytes free
    Post-Run: 205,663,518,720 bytes free

    - - End Of File - - B4EA5FE12CB497C1C68C1C04FEB2E106
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good now.

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. Astros10

    Astros10 TS Rookie Topic Starter

    Redirect seems to be corrected, Thank You

    OTL logfile created on: 1/31/2011 9:09:09 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Colin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.04 Gb Total Space | 190.35 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.91 Gb Free Space | 59.07% Space Free | Partition Type: NTFS
    Drive F: | 111.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: COLIN-PC | User Name: Colin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
    PRC - [2010/11/22 18:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2010/04/02 13:44:58 | 000,802,056 | ---- | M] () -- C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/06/26 15:05:06 | 000,578,904 | ---- | M] () -- C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
    PRC - [2009/05/21 09:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/06 17:16:54 | 000,712,048 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/12/07 21:17:44 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcicoms.exe
    PRC - [2006/11/12 00:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2006/10/03 09:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2006/09/22 07:35:58 | 000,045,056 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2006/04/28 07:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
    MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (0252851296457175mcinstcleanup) McAfee Application Installer Cleanup (0252851296457175)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/17 15:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/02/06 17:16:54 | 000,712,048 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2009/02/06 17:16:54 | 000,712,048 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/12/07 21:17:44 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcicoms.exe -- (dlci_device)
    SRV - [2006/11/07 11:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/05/07 11:03:33 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2008/06/18 07:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/10/26 19:08:29 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
    DRV - [2007/09/20 13:12:34 | 000,012,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2007/03/08 21:28:58 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2007/03/08 21:28:58 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2007/03/08 21:28:58 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/02/09 14:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\drvnddm.sys -- (DRVNDDM)
    DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/01/12 09:52:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/01 23:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/01 23:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/10/24 20:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/17 13:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/07/21 09:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/04/09 21:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/31 00:51:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/30 22:57:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 23:25:40 | 000,000,000 | ---D | M]

    [2011/01/29 23:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\zcsdr9tb.default\extensions
    [2011/01/29 23:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\zcsdr9tb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/31 00:51:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2010/10/30 09:44:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2011/01/30 22:39:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110130225740.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DLCICATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCItime.DLL ()
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Colin\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-3331267197-4093515384-3967935643-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/02/21 16:43:07 | 000,358,248 | R--- | M] (NETGEAR Inc.) - F:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2000/05/17 09:22:36 | 000,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/31 09:07:24 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
    [2011/01/30 23:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/01/30 22:57:47 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
    [2011/01/30 22:57:37 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
    [2011/01/30 22:57:33 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
    [2011/01/30 22:57:33 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
    [2011/01/30 22:57:33 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
    [2011/01/30 22:57:33 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
    [2011/01/30 22:57:33 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
    [2011/01/30 22:57:33 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
    [2011/01/30 22:57:33 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
    [2011/01/30 22:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2011/01/30 22:55:08 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    [2011/01/30 22:42:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/30 22:23:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/30 22:23:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/30 22:23:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/30 22:22:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/30 20:04:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/30 17:14:45 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Malwarebytes
    [2011/01/30 17:14:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/30 17:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/30 17:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/30 17:14:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/30 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/30 17:12:18 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Colin\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/30 16:53:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Colin\Desktop\TFC.exe
    [2011/01/30 12:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
    [2011/01/30 12:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
    [2011/01/30 02:32:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/30 00:47:13 | 001,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2011/01/30 00:47:13 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
    [2011/01/30 00:47:13 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2011/01/30 00:47:13 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
    [2011/01/30 00:47:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
    [2011/01/30 00:47:13 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011/01/30 00:47:13 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
    [2011/01/30 00:47:13 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2011/01/30 00:47:13 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2011/01/30 00:47:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2011/01/30 00:47:12 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011/01/30 00:47:12 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011/01/30 00:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
    [2011/01/30 00:01:14 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011/01/30 00:01:08 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    [2011/01/29 20:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
    [2011/01/29 20:47:09 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\PCDr
    [2011/01/29 11:53:38 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Apps
    [2011/01/29 08:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(74)
    [2011/01/29 08:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(75)
    [2011/01/28 23:50:16 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\McAfee
    [2010/02/24 16:59:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCIhcp.dll
    [2006/10/11 06:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcipmui.dll
    [2006/10/11 05:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlciserv.dll
    [2006/10/11 05:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcicomm.dll
    [2006/10/11 05:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcilmpm.dll
    [2006/10/11 05:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlciiesc.dll
    [2006/10/11 05:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcipplc.dll
    [2006/10/11 05:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcicomc.dll
    [2006/10/11 05:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlciprox.dll
    [2006/10/11 05:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlciinpa.dll
    [2006/10/11 05:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlciusb1.dll
    [2006/10/11 05:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcihbn3.dll
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========
     
  6. Astros10

    Astros10 TS Rookie Topic Starter

    [2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
    [2011/01/31 08:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/31 08:21:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/31 08:21:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/30 23:07:00 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2011/01/30 22:39:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/30 22:22:32 | 004,262,903 | R--- | M] () -- C:\Users\Colin\Desktop\Colin.exe
    [2011/01/30 22:21:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/30 22:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/30 22:06:45 | 211,017,710 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/30 21:59:01 | 000,720,344 | ---- | M] () -- C:\Users\Colin\Desktop\rkill.com
    [2011/01/30 19:40:38 | 000,080,384 | ---- | M] () -- C:\Users\Colin\Desktop\MBRCheck.exe
    [2011/01/30 18:09:56 | 000,624,128 | ---- | M] () -- C:\Users\Colin\Desktop\dds.scr
    [2011/01/30 17:38:35 | 000,296,448 | ---- | M] () -- C:\Users\Colin\Desktop\9c9vk0mj.exe
    [2011/01/30 17:14:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/30 17:12:29 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Colin\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/30 16:54:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\TFC.exe
    [2011/01/30 12:08:04 | 000,005,889 | ---- | M] () -- C:\Users\Colin\Desktop\Router_Setup.html
    [2011/01/30 00:48:48 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
    [2011/01/30 00:28:56 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/30 00:28:55 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/28 23:19:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecC
    [2011/01/28 23:19:54 | 000,000,152 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecCr
    [2011/01/27 13:51:46 | 000,163,533 | ---- | M] () -- C:\Users\Colin\Documents\taxform.pdf
    [2011/01/12 16:38:02 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Colin.job
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/30 23:01:51 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2011/01/30 22:23:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/30 22:23:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/30 22:23:44 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/30 22:23:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/30 22:23:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/30 22:10:49 | 004,262,903 | R--- | C] () -- C:\Users\Colin\Desktop\Colin.exe
    [2011/01/30 21:58:56 | 000,720,344 | ---- | C] () -- C:\Users\Colin\Desktop\rkill.com
    [2011/01/30 19:40:27 | 000,080,384 | ---- | C] () -- C:\Users\Colin\Desktop\MBRCheck.exe
    [2011/01/30 18:09:37 | 000,624,128 | ---- | C] () -- C:\Users\Colin\Desktop\dds.scr
    [2011/01/30 17:38:31 | 000,296,448 | ---- | C] () -- C:\Users\Colin\Desktop\9c9vk0mj.exe
    [2011/01/30 17:14:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/30 09:06:32 | 211,017,710 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/30 00:45:49 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
    [2011/01/29 21:25:50 | 000,000,172 | R--- | C] () -- C:\Users\Colin\Desktop\Router Login.url
    [2011/01/29 21:25:49 | 000,005,889 | ---- | C] () -- C:\Users\Colin\Desktop\Router_Setup.html
    [2011/01/28 23:19:54 | 000,000,152 | ---- | C] () -- C:\ProgramData\~nRqXEN39yecCr
    [2011/01/28 23:19:54 | 000,000,040 | ---- | C] () -- C:\ProgramData\~nRqXEN39yecC
    [2011/01/27 13:51:45 | 000,163,533 | ---- | C] () -- C:\Users\Colin\Documents\taxform.pdf
    [2010/11/10 13:38:29 | 000,000,000 | ---- | C] () -- C:\Users\Colin\AppData\Local\AutobahnAcceleratorInstall.txt
    [2010/02/24 16:59:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCIinst.dll
    [2010/02/24 16:08:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
    [2010/02/24 16:08:12 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
    [2009/12/25 12:29:29 | 000,000,680 | ---- | C] () -- C:\Users\Colin\AppData\Local\d3d9caps.dat
    [2009/09/16 21:47:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/04/07 19:15:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2009/04/07 19:11:57 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2008/09/06 12:41:33 | 000,938,328 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
    [2008/09/06 12:39:03 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2008/09/04 17:24:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/04/05 09:32:45 | 000,001,750 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\autobahn.log
    [2007/03/29 18:45:26 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2007/03/15 19:47:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/03/15 17:52:05 | 000,030,208 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/03/08 21:29:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2007/03/08 13:52:54 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
    [2007/03/08 13:52:54 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2006/12/06 13:25:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlciinsr.dll
    [2006/12/06 13:25:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcicur.dll
    [2006/12/06 13:24:50 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlcijswr.dll
    [2006/12/06 13:20:30 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlciinsb.dll
    [2006/12/06 13:20:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcicub.dll
    [2006/12/06 13:20:06 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcicu.dll
    [2006/12/06 13:20:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlciins.dll
    [2006/12/06 13:18:44 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlciutil.dll
    [2006/11/07 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/07 00:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcicoin.dll
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/01/08 21:56:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcicfg.dll
    [2005/12/02 12:53:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcicnv4.dll
    [2005/08/17 18:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcivs.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/10 05:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/01/30 22:42:32 | 000,016,552 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/03/08 21:29:15 | 000,005,281 | RH-- | M] () -- C:\dell.sdr
    [2010/02/24 16:49:52 | 000,000,270 | ---- | M] () -- C:\dlci.log
    [2007/03/15 17:01:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/03/15 17:01:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/01/30 22:21:22 | 2459,705,344 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/30 22:13:42 | 000,000,542 | ---- | M] () -- C:\rkill.log
    [2010/02/24 16:09:29 | 000,000,172 | ---- | M] () -- C:\setupfax.log
    [2007/03/08 14:01:01 | 000,000,070 | ---- | M] () -- C:\SystemInfo.ini

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/24 16:04:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/20 00:31:42 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\dlciPP5C.DLL
    [2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/09/21 14:43:09 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/06/17 11:33:04 | 000,000,286 | -HS- | M] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/30 17:38:35 | 000,296,448 | ---- | M] () -- C:\Users\Colin\Desktop\9c9vk0mj.exe
    [2011/01/30 22:22:32 | 004,262,903 | R--- | M] () -- C:\Users\Colin\Desktop\Colin.exe
    [2011/01/30 17:12:29 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Colin\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/30 19:40:38 | 000,080,384 | ---- | M] () -- C:\Users\Colin\Desktop\MBRCheck.exe
    [2011/01/31 09:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
    [2011/01/30 16:54:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/08/30 18:03:29 | 000,000,402 | -HS- | M] () -- C:\Users\Colin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/29 08:18:35 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
    [2009/06/25 18:52:07 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/01/28 23:19:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecC
    [2011/01/28 23:19:54 | 000,000,152 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecCr
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [1998/09/02 00:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:20240A47

    < End of report >
     
  7. Astros10

    Astros10 TS Rookie Topic Starter

    OTL Extras logfile created on: 1/31/2011 9:09:09 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Colin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.04 Gb Total Space | 190.35 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.91 Gb Free Space | 59.07% Space Free | Partition Type: NTFS
    Drive F: | 111.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: COLIN-PC | User Name: Colin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{24C51CFA-70CD-45E1-87D0-9D2DB35A77E3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{2BAF2ED0-A110-4176-A40C-0D6FDBA6F177}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3018F8CE-0A4A-4144-9B8E-7A036A77F75E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{39C16296-9768-48FA-AB35-44D84E2AE101}" = rport=138 | protocol=17 | dir=out | app=system |
    "{3CFBDE63-F11B-4B56-8B28-07A972E32A00}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{41EF795A-0A6E-4947-8B4B-3CDAE5BBF1A5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
    "{445FCEA8-C35E-4EB1-BDDA-803F01D454B5}" = lport=139 | protocol=6 | dir=in | app=system |
    "{4810CEBB-3B0F-4ED5-B40A-A225086FBC39}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{5E1BFB01-25AE-47D5-AEEB-7219A55EE3ED}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{71F6197F-B634-4B4D-BF2C-00C4F56407FC}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{805D2F9F-C7FB-4CF2-950D-ED339A409CF4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{806051DC-2132-41E2-8DE1-5B0ABF2FF53A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{879CABEF-4F24-4D29-9313-A60E11016269}" = lport=445 | protocol=6 | dir=in | app=system |
    "{89C36931-D750-453B-A923-EE8771B49041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9525123C-F7CE-498A-8F96-11BC5E78C799}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A2384FE4-2E81-44DB-85C3-250EC44EDDD6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A4E94E88-3A3E-4643-8475-217CCE58BD43}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A6381191-D3D0-4B30-828B-54BB3E48912C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B7C71437-CDED-44D9-996E-EEE0C68C6EB8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B9D6415D-4C46-4A67-976D-40C13BE18F96}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C66FBB7E-3F48-4FDD-A907-D572B21BE842}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CEA2BFB7-A8AB-445C-BAE8-C142066E13BB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{DC627804-BB1E-43D0-A9B9-A1C8EE24AD6D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E1B94788-C50C-4CFA-A83C-A0BBF121906B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{EF85C708-831C-4BEF-A3D8-C4C54E950D63}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A3AACB-6B21-446D-915A-00550004C1ED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{0698DF37-DE62-45A0-BC06-8A31B08AF625}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{09F1F36E-63DE-4911-A9FC-10FB9DA6712C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1E148A43-8505-45BC-A152-3A134D752E92}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{446903A4-F62C-4EA2-B7E4-56C3A79A58F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{455110C2-74D7-429E-B7EB-82436DA5ECEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{546388F3-E184-4A58-8277-88D9C644D46A}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{5C797472-CDF9-4B21-A3FD-05F469295559}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5EE731F7-6F84-4C95-8F1F-E1760AB242E7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{66D6C0FD-570A-41F9-BAFD-05626E33A657}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 946\dlcimon.exe |
    "{80CE0C08-155C-47F6-AA7B-27BC462646CA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{859B8B63-1E1F-4697-95F8-2A40FFD3EB2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8753A4C0-EEC9-4C36-9870-8955F6D665B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8BBD2C47-6B04-4B64-B531-E7A6C4FFEC03}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{95A41D8B-3796-444B-B561-7BF343294A3D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9D3582B6-3F06-453F-9C5F-DDE72992C8CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A58B2DFD-D1B9-4D43-BB27-19E846C0127B}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{A98EC886-D67D-4A4F-B832-0709DD5B03D2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcipswx.exe |
    "{B26526CF-A794-4D28-8AF5-BAF92A0410C0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B3025FE1-426B-4DF8-8223-11D2FFD4CF24}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B3970768-B450-4DB3-A128-891FC6033A5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B95C196C-1E0D-4024-8A6E-37FB300DEE66}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcipswx.exe |
    "{BD71CE34-7A43-4E53-8A23-25594121CAAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D169B90C-C676-41E8-8B6E-16B3E15755C1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D3CD77AA-D300-4401-8549-8D9352A43F12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D4BDB2BF-FE1C-4A7F-9D0F-EA6034959360}" = protocol=17 | dir=in | app=c:\windows\system32\dlcicoms.exe |
    "{D4CE58A0-C153-4180-A53D-C66C95CE3F0A}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 946\dlciaiox.exe |
    "{D9BFCD6A-B55E-468E-84C8-3A452C199AB2}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 946\dlciaiox.exe |
    "{DB59D245-4992-4F89-90E3-0D49C1570170}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 946\dlcimon.exe |
    "{DDD2239E-A4D6-4555-BB93-ADC8BF264E9C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DE117989-2B7A-4FBA-A4B1-159083E5EB5C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E1C876A8-3CA0-4EAC-A6F0-4067A5C6BE26}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E62B99F5-ED86-45BE-B1C5-A0F6260E23E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EB6C4DCD-6E72-49AC-837C-F49CB5CB9531}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{EF3C1EF9-418F-448F-ACB0-611ED2DA3534}" = protocol=6 | dir=in | app=c:\windows\system32\dlcicoms.exe |
    "{F1C29029-7C4A-4B62-AD68-F59F6D25DCC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FA1DF9E7-ADFF-4022-B71A-382101BE04A0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "TCP Query User{1769779F-70B5-498D-ADC3-0C22B652E1F2}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=6 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
    "TCP Query User{1C177B3E-7AEF-45DC-8940-4D31A1A2BAD8}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "TCP Query User{67F5FC81-ECA1-4B37-856E-EAC18141D2C5}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe |
    "TCP Query User{6F8D7B2F-20C5-4854-8F3D-83D4B9F677F0}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "TCP Query User{9B2283A8-C119-4BE7-B1E6-BC25ADC9B73B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{A379C340-4D4B-48B6-9934-43E3FF6BB4A4}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=6 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
    "TCP Query User{D15EE358-2C62-44FE-9077-F06864CCB141}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{1F2B1D6C-6FB9-4103-BE41-34872ED6745C}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{34009A3F-EBE1-4A78-9D50-5F36FF344ABA}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=17 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
    "UDP Query User{34F92CE2-D483-41E8-841B-82B9B016A635}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{3D1478B8-27F6-47D9-B592-CCFA7E0045D6}C:\programdata\autobahn\mlb-nexdef-autobahn.exe" = protocol=17 | dir=in | app=c:\programdata\autobahn\mlb-nexdef-autobahn.exe |
    "UDP Query User{5B4E719B-ABFC-4345-80BD-8EB807B3AAC7}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "UDP Query User{7FFA62BF-C1D4-41CD-8E59-318726532B87}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "UDP Query User{BD1ADDDC-5D37-47B5-8DFA-3A9FDF6D8D08}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25E81740-CA17-489E-A8B6-54319A1C4D41}}_is1" = Dell PC TuneUp
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{71C27D05-DFB4-4585-919E-631379695D72}" = Samsung PC Studio 3
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91534B49-11A8-465F-9721-3D1A4C59AB6A}" = Destinator Resource Installer NA
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
    "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}" = ATI Catalyst Control Center Ex
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Dell AIO Printer 946" = Dell AIO Printer 946
    "Dell Fax Solutions" = Dell PC Fax
    "Destinator Console" = Destinator Console
    "Disney Toontown Online" = Disney Toontown Online
    "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "IrfanView" = IrfanView (remove only)
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "MSC" = McAfee SecurityCenter
    "NSS" = Norton Security Scan
    "Rhapsody" = Rhapsody
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "UnityWebPlayer" = Unity Web Player
    "WildTangent dell Master Uninstall" = Dell Games
    "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3331267197-4093515384-3967935643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/30/2008 6:23:28 PM | Computer Name = Colin-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 8/30/2008 6:30:39 PM | Computer Name = Colin-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 8/30/2008 6:39:59 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Lex Talus
    Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/30/2008 6:40:17 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Lex Talus
    Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/30/2008 6:40:28 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Lex Talus
    Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/30/2008 6:41:09 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Lex Talus
    Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/30/2008 6:41:26 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Lex Talus
    Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/30/2008 6:41:40 PM | Computer Name = Colin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Lex Talus
    Corporation\Precision Shooter's Workbench\LRBS.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/30/2008 6:42:24 PM | Computer Name = Colin-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 8/30/2008 6:44:50 PM | Computer Name = Colin-PC | Source = VSS | ID = 8194
    Description =

    [ Media Center Events ]
    Error - 5/22/2008 7:22:22 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/24/2008 12:17:07 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/3/2008 3:01:16 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/7/2008 10:53:47 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 7/11/2008 5:32:44 PM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/7/2008 5:41:13 PM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/17/2008 5:50:34 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/18/2008 5:49:37 AM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/26/2009 5:31:20 PM | Computer Name = Colin-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 1/31/2011 2:28:05 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 1/31/2011 2:28:55 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 1/31/2011 2:28:55 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/31/2011 2:28:55 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/31/2011 2:39:23 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/31/2011 2:55:07 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/31/2011 2:55:07 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/31/2011 2:57:16 AM | Computer Name = Colin-PC | Source = DCOM | ID = 10005
    Description =

    Error - 1/31/2011 2:57:16 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 1/31/2011 2:57:16 AM | Computer Name = Colin-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good news :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [2011/01/28 23:19:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecC
      [2011/01/28 23:19:54 | 000,000,152 | ---- | M] () -- C:\ProgramData\~nRqXEN39yecCr
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:20240A47
      
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
      "DisableMonitoring" =-
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  9. Astros10

    Astros10 TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Security Scan Plus
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 7.1.0
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    iolo common lib ioloServiceManager.exe
    ``````````End of Log````````````


    C:\Users\Colin\AppData\Roaming\Dell\Installers\PCTuneUp2.exe probably unknown NewHeur_PE virus
     
  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You posted wrong OTL log.
    I assume, you clicked on "Scan" button, instead of "Fix" button.
    Please, redo.
     
  11. Astros10

    Astros10 TS Rookie Topic Starter

    Sorry posted the wrong log. This should be the correct one.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) not found.
    File C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File delete failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be deleted on reboot.
    File C:\ProgramData\~nRqXEN39yecC not found.
    File C:\ProgramData\~nRqXEN39yecCr not found.
    Unable to delete ADS C:\ProgramData\TEMP:20240A47 .
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\DisableMonitoring not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Colin
    ->Temp folder emptied: 366112 bytes
    ->Temporary Internet Files folder emptied: 5252127 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1116 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 496296 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 262588 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Colin
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 01312011_143109

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be moved on reboot.
    File\Folder C:\Users\Colin\AppData\Local\Temp\~DF8DEE.tmp not found!
    File\Folder C:\Users\Colin\AppData\Local\Temp\~WRS0000.tmp not found!
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0R57MA0\sh30[1].html moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RTDRIBPN\topic160485[1].html moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\072IHYG6\adServer[1].htm moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\072IHYG6\crosspixel-dest[1].htm moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File\Folder C:\Windows\temp\fb_1596.lck not found!

    Registry entries deleted on Reboot...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Uninstall Java(TM) SE Runtime Environment 6.

    Update Firefox to the newest 3.6.13 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Colin\AppData\Roaming\Dell\Installers\PCTuneUp2.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  13. Astros10

    Astros10 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\Colin\AppData\Roaming\Dell\Installers\PCTuneUp2.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Colin
    ->Temp folder emptied: 400495 bytes
    ->Temporary Internet Files folder emptied: 24141842 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3859158 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 496296 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 262588 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 28.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Colin
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 01312011_154049

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Colin\AppData\Local\Temp\~DFC11.tmp not found!
    File\Folder C:\Users\Colin\AppData\Local\Temp\~WRS0000.tmp not found!
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9K0UT686\sh30[1].html moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YVLY54H\ads[2].htm moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YVLY54H\crosspixel-dest[1].htm moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4375INKF\topic160485[1].html moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\fb_2020.lck not found!

    Registry entries deleted on Reboot...
     
  14. Astros10

    Astros10 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Colin
    ->Temp folder emptied: 431895 bytes
    ->Temporary Internet Files folder emptied: 3904591 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 496296 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 262588 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 5.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Colin
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.6 log created on 01312011_155116

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Colin\AppData\Local\Temp\Low\hsperfdata_Colin\2864 not found!
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PKEM8XXA\ads[1].htm moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AIHLR6LP\topic160485[2].html moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\85YM4M03\crosspixel-dest[1].htm moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2QJ5HXF8\sh30[1].html moved successfully.
    C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\System32\OLD1DD2.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\OLD1EDD.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\OLD1F8B.tmp scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\fb_2040.lck not found!

    Registry entries deleted on Reboot...
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Whenever ready....
     
  16. Astros10

    Astros10 TS Rookie Topic Starter

    Seems to be work great now. I will keep you posted.

    Thank you so very much for your help.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Yes!! [​IMG]
    Good luck and stay safe :)
     
  18. Astros10

    Astros10 TS Rookie Topic Starter

    I don't know if this has anything to do with what we just did, but I am now getting a error that says IM32FAX.DiL not found. any suggestions?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    It looks like some Lexmark file. Fax?

    If you have any Lexmark device, you may want to reinstall it.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...