TechSpot

We have a virus or trojan

Solved
By gdt55
Oct 29, 2010
Topic Status:
Not open for further replies.
  1. My son's computer started giving him memory warnings and messages about files or DLLs not loading. A program named System Defragmenter has also somehow been loaded on his system. I have followed the 8 steps and have not uninstalled the program. Here are the requested logs.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4994

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/29/2010 8:30:38 PM
    mbam-log-2010-10-29 (20-30-38).txt

    Scan type: Quick scan
    Objects scanned: 160238
    Time elapsed: 11 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upd32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\atinker\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ldinfo.ldr (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\atinker\Application Data\dsfsds.bat (Malware.Trace) -> Quarantined and deleted successfully.
     
  2. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    gmer log part 1

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-29 22:00:53
    Windows 5.1.2600 Service Pack 3
    Running: m76hnk6o.exe; Driver: C:\DOCUME~1\atinker\LOCALS~1\Temp\uftdipow.sys


    ---- System - GMER 1.0.15 ----


    ---- Kernel code sections - GMER 1.0.15 ----
     
  3. gdt55


    gmer log part 2

    ---- User code sections - GMER 1.0.15 ----

     
  4. gdt55


    gmer log part 3

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E40000
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E4007F
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E4006E
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E40053
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01E40F94
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01E40FA5
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01E400BC
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01E400AB
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01E40103
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E400E8
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01E40114
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01E4002C
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01E40FDB
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01E4009A
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01E40FC0
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01E40011
    .text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01E400CD
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01480FC3
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01480F72
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0148001E
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01480FDE
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01480039
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01480FEF
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01480F97
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [68, 89]
    .text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01480FA8
    .text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0147003F
    .text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!system 77C293C7 5 Bytes JMP 01470FB4
    .text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01470FD9
    .text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01470000
    .text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0147002E
    .text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0147001D
    .text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 01460000
    .text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01460FEF
    .text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01460FBE
    .text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01460FAD
    .text C:\WINDOWS\Explorer.EXE[1732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01450FEF
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AC0089
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AC0078
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC005D
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AC0036
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AC0FB9
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AC0F41
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AC0F52
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC00B5
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC00A4
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC0F01
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AC0F9E
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC000A
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AC0F6F
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AC0FCA
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AC001B
    .text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AC0F30
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AB0033
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AB0098
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AB0022
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AB0011
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AB0FD1
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AB0000
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AB0069
    .text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AB004E
    .text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AA0FAF
    .text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AA0044
    .text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AA0022
    .text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AA0000
    .text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AA0033
    .text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AA0011
    .text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00A90FDE
    .text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00A90FEF
    .text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00A90020
    .text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenUrlW 771D5BB2 3 Bytes JMP 00A9003B
    .text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenUrlW + 4 771D5BB6 1 Byte [89]
    .text C:\WINDOWS\system32\svchost.exe[1820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80000
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0098
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0087
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0FAD
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FCA
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0051
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00C9
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F81
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00DA
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F41
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0F30
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD006C
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0011
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F92
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0036
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FDB
    .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F5C
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC001B
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0051
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FD4
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC000A
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0F94
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0FEF
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FAF
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
    .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC002C
    .text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0038
    .text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB001D
    .text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FC8
    .text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB000C
    .text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FAD
    .text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FEF
    .text C:\WINDOWS\system32\svchost.exe[2336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0FEF
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00FE5
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00080
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F8B
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F9C
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00FB9
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FD4
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F49
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F66
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000BD
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F24
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F13
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00051
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00000
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00091
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00036
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F0001B
    .text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000A2
    .text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0F92
    .text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FAD
    .text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE001D
    .text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
    .text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FC8
    .text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FE3
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FAF
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F80
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF000A
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FDE
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0047
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF0036
    .text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0025
    .text C:\WINDOWS\system32\dllhost.exe[3748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat B9321D20

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  5. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    Attach log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/25/2006 1:51:15 PM
    System Uptime: 10/29/2010 8:32:29 PM (2 hours ago)

    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) D CPU 2.66GHz | Microprocessor | 2660/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 29.991 GiB free.
    D: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1177: 8/2/2010 11:44:02 PM - System Checkpoint
    RP1178: 8/3/2010 3:00:17 AM - Software Distribution Service 3.0
    RP1179: 8/4/2010 3:07:04 AM - System Checkpoint
    RP1180: 8/5/2010 5:16:24 AM - System Checkpoint
    RP1181: 8/6/2010 5:58:31 AM - System Checkpoint
    RP1182: 8/7/2010 6:29:03 AM - System Checkpoint
    RP1183: 8/8/2010 7:29:02 AM - System Checkpoint
    RP1184: 8/9/2010 8:29:04 AM - System Checkpoint
    RP1185: 8/10/2010 9:29:01 AM - System Checkpoint
    RP1186: 8/11/2010 10:29:00 AM - System Checkpoint
    RP1187: 8/12/2010 3:00:46 AM - Software Distribution Service 3.0
    RP1188: 8/13/2010 3:41:25 AM - System Checkpoint
    RP1189: 8/14/2010 3:56:18 AM - System Checkpoint
    RP1190: 8/15/2010 4:56:18 AM - System Checkpoint
    RP1191: 8/16/2010 5:57:23 AM - System Checkpoint
    RP1192: 8/17/2010 6:56:19 AM - System Checkpoint
    RP1193: 8/18/2010 7:31:05 AM - System Checkpoint
    RP1194: 8/19/2010 8:31:04 AM - System Checkpoint
    RP1195: 8/20/2010 9:31:07 AM - System Checkpoint
    RP1196: 8/21/2010 10:31:05 AM - System Checkpoint
    RP1197: 8/22/2010 11:52:10 AM - System Checkpoint
    RP1198: 8/23/2010 12:31:07 PM - System Checkpoint
    RP1199: 8/24/2010 1:31:07 PM - System Checkpoint
    RP1200: 8/25/2010 1:32:13 PM - System Checkpoint
    RP1201: 8/26/2010 2:31:09 PM - System Checkpoint
    RP1202: 8/27/2010 3:31:08 PM - System Checkpoint
    RP1203: 8/28/2010 4:27:02 PM - System Checkpoint
    RP1204: 8/30/2010 12:17:22 AM - System Checkpoint
    RP1205: 8/31/2010 2:03:04 AM - System Checkpoint
    RP1206: 9/1/2010 2:31:14 AM - System Checkpoint
    RP1207: 9/2/2010 3:31:16 AM - System Checkpoint
    RP1208: 9/3/2010 4:31:18 AM - System Checkpoint
    RP1209: 9/4/2010 5:31:15 AM - System Checkpoint
    RP1210: 9/5/2010 6:31:15 AM - System Checkpoint
    RP1211: 9/6/2010 7:31:17 AM - System Checkpoint
    RP1212: 9/7/2010 8:41:28 AM - System Checkpoint
    RP1213: 9/8/2010 3:00:19 AM - Software Distribution Service 3.0
    RP1214: 9/9/2010 3:31:16 AM - System Checkpoint
    RP1215: 9/10/2010 4:31:20 AM - System Checkpoint
    RP1216: 9/11/2010 5:23:32 AM - System Checkpoint
    RP1217: 9/12/2010 5:31:18 AM - System Checkpoint
    RP1218: 9/13/2010 7:59:32 AM - System Checkpoint
    RP1219: 9/14/2010 8:32:25 AM - System Checkpoint
    RP1220: 9/15/2010 9:31:19 AM - System Checkpoint
    RP1221: 9/16/2010 3:00:43 AM - Software Distribution Service 3.0
    RP1222: 9/17/2010 4:15:21 AM - System Checkpoint
    RP1223: 9/18/2010 4:33:04 AM - System Checkpoint
    RP1224: 9/19/2010 5:34:09 AM - System Checkpoint
    RP1225: 9/20/2010 7:25:07 AM - System Checkpoint
    RP1226: 9/21/2010 7:33:02 AM - System Checkpoint
    RP1227: 9/22/2010 8:30:44 AM - System Checkpoint
    RP1228: 9/23/2010 8:33:05 AM - System Checkpoint
    RP1229: 9/24/2010 9:33:06 AM - System Checkpoint
    RP1230: 9/25/2010 10:33:07 AM - System Checkpoint
    RP1231: 9/26/2010 11:33:06 AM - System Checkpoint
    RP1232: 9/27/2010 12:33:06 PM - System Checkpoint
    RP1233: 9/28/2010 1:41:17 PM - System Checkpoint
    RP1234: 9/29/2010 3:00:23 AM - Software Distribution Service 3.0
    RP1235: 9/30/2010 3:33:08 AM - System Checkpoint
    RP1236: 10/1/2010 4:33:08 AM - System Checkpoint
    RP1237: 10/2/2010 5:33:08 AM - System Checkpoint
    RP1238: 10/3/2010 6:33:09 AM - System Checkpoint
    RP1239: 10/4/2010 7:53:35 AM - System Checkpoint
    RP1240: 10/5/2010 8:33:08 AM - System Checkpoint
    RP1241: 10/6/2010 8:34:14 AM - System Checkpoint
    RP1242: 10/7/2010 3:00:21 AM - Software Distribution Service 3.0
    RP1243: 10/8/2010 3:00:25 AM - Software Distribution Service 3.0
    RP1244: 10/9/2010 3:33:10 AM - System Checkpoint
    RP1245: 10/10/2010 4:33:10 AM - System Checkpoint
    RP1246: 10/11/2010 5:33:10 AM - System Checkpoint
    RP1247: 10/12/2010 6:34:14 AM - System Checkpoint
    RP1248: 10/13/2010 7:51:54 AM - System Checkpoint
    RP1249: 10/14/2010 3:01:05 AM - Software Distribution Service 3.0
    RP1250: 10/15/2010 3:35:58 AM - System Checkpoint
    RP1251: 10/16/2010 4:10:00 AM - System Checkpoint
    RP1252: 10/17/2010 4:59:18 AM - System Checkpoint
    RP1253: 10/18/2010 5:59:18 AM - System Checkpoint
    RP1254: 10/19/2010 7:01:43 AM - System Checkpoint
    RP1255: 10/20/2010 7:59:03 AM - System Checkpoint
    RP1256: 10/21/2010 7:59:18 AM - System Checkpoint
    RP1257: 10/22/2010 8:59:19 AM - System Checkpoint
    RP1258: 10/23/2010 9:59:20 AM - System Checkpoint
    RP1259: 10/24/2010 10:59:20 AM - System Checkpoint
    RP1260: 10/25/2010 11:00:25 AM - System Checkpoint
    RP1261: 10/26/2010 11:59:20 AM - System Checkpoint
    RP1262: 10/27/2010 12:47:26 PM - System Checkpoint
    RP1263: 10/28/2010 1:06:21 PM - System Checkpoint
    RP1264: 10/29/2010 2:06:21 PM - System Checkpoint

    ==== Installed Programs ======================

    725plc32
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player 11.5
    AIM 6
    Andrea VoiceCenter
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Bonjour Core for Windows
    CDDRV_Installer
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Corel Photo Album 6
    Creative Jukebox Driver
    Creative MediaSource
    Creative NOMAD Jukebox Zen Xtra
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    EarthLink setup files
    EducateU
    ELIcon
    erLT
    ESPNMotion
    Games, Music, & Photos Launcher
    GemMaster Mystic
    Get High Speed Internet!
    Google Toolbar for Internet Explorer
    Goombah Partner COM Server
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Internet Service Offers Launcher
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 20
    KhalInstallWrapper
    Learn2 Player (Uninstall Only)
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Baseline Security Analyzer 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    Move Media Player
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch for Windows Media Player
    Napster
    Napster Burn Engine
    NetWaiting
    NetZeroInstallers
    Otto
    PartyPokerNet
    PopCap Browser Plugin
    QuickTime
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Ruckus Player
    Search Assist
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sonic Activation Module
    Sonic Advanced Decoder
    Sonic Encoders
    Sonic Update Manager
    Sound Blaster Audigy ADVANCED MB
    Sound Blaster Audigy ADVANCED MB Product Registration
    StarCraft II
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Warcraft III
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    10/29/2010 8:33:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    10/29/2010 8:00:12 PM, error: Service Control Manager [7034] - The Creative Labs Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    10/29/2010 8:00:12 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 8:00:11 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    10/29/2010 8:00:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 8:00:10 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    10/29/2010 8:00:10 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/29/2010 8:00:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 8:00:08 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 8:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/28/2010 4:03:35 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 960 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/28/2010 4:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/28/2010 2:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/28/2010 12:33:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/28/2010 12:18:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/28/2010 1:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/27/2010 12:18:19 AM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 001372E312EC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    10/25/2010 4:42:11 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  6. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    DDS log

    DDS (Ver_10-10-21.02) - NTFSx86
    Run by atinker at 22:06:25.25 on Fri 10/29/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\DOCUME~1\atinker\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\mshta.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Documents and Settings\atinker\Desktop\dds.scr
    C:\WINDOWS\system32\wscntfy.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    mDefault_Page_URL = hxxp://www.dell.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.dell.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Hdutiwoniqivuxe] rundll32.exe "c:\windows\a32rfp1n.dll",Startup
    uRun: [1011938437] c:\docume~1\atinker\locals~1\temp\1011938437.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [<NO NAME>]
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\atinker\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 209.85.74.6 www2.hobowars.com.
    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\atinker\applic~1\mozilla\firefox\profiles\at0tu0ks.default\
    FF - plugin: c:\documents and settings\atinker\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\atinker\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51} - c:\documents and settings\atinker\local settings\application data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-8 214664]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-20 10384]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-7-8 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-7-8 144704]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-21 24652]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-8 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-8 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-8 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-8 40552]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-7-8 606736]

    =============== Created Last 30 ================

    2010-10-30 00:14:52 -------- d-----w- c:\docume~1\atinker\applic~1\Malwarebytes
    2010-10-30 00:14:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-30 00:14:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-30 00:14:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-30 00:14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-14 00:51:56 151552 ----a-w- c:\program files\mozilla firefox\plugins\nppopcaploader.dll
    2010-10-14 00:51:56 -------- d-----w- c:\program files\PopCap Games
    2010-10-13 21:26:04 165 ----a-w- c:\docume~1\atinker\applic~1\del.bat
    2010-10-13 21:07:33 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-13 21:07:32 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 21:07:32 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 21:06:50 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-28 06:47:40 0 ----a-w- c:\windows\Cjolobituyi.bin
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 22:06:55.04 ===============
     
  7. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    MBRCheck log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 151):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7992000 \WINDOWS\system32\KDCOM.DLL
    0xF78A2000 \WINDOWS\system32\BOOTVID.dll
    0xF7492000 djyq.sys
    0xF7363000 ACPI.sys
    0xF7994000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7352000 pci.sys
    0xF74A2000 isapnp.sys
    0xF7A5A000 pciide.sys
    0xF7712000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74B2000 MountMgr.sys
    0xF7333000 ftdisk.sys
    0xF7996000 dmload.sys
    0xF730D000 dmio.sys
    0xF771A000 PartMgr.sys
    0xF74C2000 VolSnap.sys
    0xF72F5000 atapi.sys
    0xF74D2000 disk.sys
    0xF74E2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72D5000 fltmgr.sys
    0xF72C3000 sr.sys
    0xF72AD000 DRVMCDB.SYS
    0xF7722000 PxHelp20.sys
    0xF7296000 KSecDD.sys
    0xF7209000 Ntfs.sys
    0xF71DC000 NDIS.sys
    0xF71C2000 Mup.sys
    0xF7562000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF688F000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF687B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6853000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF780A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF682F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7812000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF67FB000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xF67D8000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF66D9000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6632000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF781A000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF660A000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF7572000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF79AE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF7582000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF7592000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF75A2000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7822000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF7972000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7BC8000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF75B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF797A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF65F3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF75C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF75D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF782A000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF65E2000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF75F2000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7832000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF783A000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7842000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xF65B2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7602000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF784A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7852000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79B0000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6554000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7189000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7612000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xEE4B9000 \SystemRoot\system32\drivers\sthda.sys
    0xEE495000 \SystemRoot\system32\drivers\portcls.sys
    0xF7642000 \SystemRoot\system32\drivers\drmk.sys
    0xEE2AB000 \SystemRoot\system32\drivers\sigfilt.sys
    0xF7169000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF7662000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79B4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF69F0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF69EC000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7672000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF785A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7862000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF69E8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF7682000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
    0xF7692000 \SystemRoot\System32\Drivers\WDFLDR.SYS
    0xEE230000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF79B6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B7F000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79B8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7872000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xF787A000 \SystemRoot\System32\drivers\vga.sys
    0xF79BA000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7882000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF788A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF69E0000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEE1D5000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEE17C000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEE155000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xF76B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEE12F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF793E000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF76C2000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    0xEE107000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEE0E5000 \SystemRoot\System32\drivers\afd.sys
    0xF76D2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEE0BA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEE04A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xEE017000 \SystemRoot\system32\drivers\mfehidk.sys
    0xF76F2000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7B8D000 \SystemRoot\System32\Drivers\LHidEqd.Sys
    0xF7892000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xF789A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xEDF3E000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xEDF26000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79C0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF652A000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7752000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BE5000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF07D000 \SystemRoot\System32\atikvmag.dll
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEE425000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7AC6000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xEBE70000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xEBF0E000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF79D6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xF775A000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xEBE58000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xEBE42000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xEBEB2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xEBB35000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEBCD2000 \SystemRoot\system32\drivers\sysaudio.sys
    0xBA57C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7A0C000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xF7A0E000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xBA423000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7ACD000 \SystemRoot\System32\Drivers\LBeepKE.sys
    0xBA2DB000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA540000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF77F2000 \SystemRoot\system32\drivers\mfebopk.sys
    0xB9588000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xB933E000 \??\C:\DOCUME~1\atinker\LOCALS~1\Temp\uftdipow.sys
    0xB931A000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBA0A7000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xB96C2000 \SystemRoot\system32\drivers\mfesmfk.sys
    0xB906F000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    592 C:\WINDOWS\system32\smss.exe
    640 csrss.exe
    668 C:\WINDOWS\system32\winlogon.exe
    712 C:\WINDOWS\system32\services.exe
    724 C:\WINDOWS\system32\lsass.exe
    916 C:\WINDOWS\system32\ati2evxx.exe
    932 C:\WINDOWS\system32\svchost.exe
    988 svchost.exe
    1088 C:\WINDOWS\system32\svchost.exe
    1200 svchost.exe
    1252 svchost.exe
    1424 C:\WINDOWS\system32\spoolsv.exe
    1732 C:\WINDOWS\explorer.exe
    1820 svchost.exe
    1860 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    1872 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1884 C:\Program Files\Bonjour\mDNSResponder.exe
    1912 C:\WINDOWS\system32\CTSVCCDA.EXE
    1932 C:\WINDOWS\ehome\ehrecvr.exe
    1976 C:\WINDOWS\ehome\ehSched.exe
    188 C:\WINDOWS\system32\svchost.exe
    212 C:\Program Files\Java\jre6\bin\jqs.exe
    436 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    568 C:\WINDOWS\ehome\ehtray.exe
    576 C:\WINDOWS\stsystra.exe
    608 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    620 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    624 C:\WINDOWS\system32\rundll32.exe
    1040 C:\DOCUME~1\atinker\LOCALS~1\Temp\clclean.0001
    1048 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1080 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    1172 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    1368 C:\Program Files\McAfee.com\Agent\mcagent.exe
    1400 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1520 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    1640 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1648 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1692 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    1880 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1904 C:\WINDOWS\system32\ctfmon.exe
    2100 C:\Program Files\McAfee\MPF\MpfSrv.exe
    2336 svchost.exe
    2484 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    2588 C:\WINDOWS\system32\MsPMSPSv.exe
    2844 mcrdsvc.exe
    2856 C:\Program Files\Digital Line Detect\DLG.exe
    3032 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3192 wmpnetwk.exe
    3748 C:\WINDOWS\system32\dllhost.exe
    3860 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    1120 alg.exe
    1344 C:\WINDOWS\ehome\ehmsas.exe
    2620 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    3588 wmiprvse.exe
    1476 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    688 C:\WINDOWS\system32\mshta.exe
    2656 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    540 C:\WINDOWS\system32\mshta.exe
    272 C:\WINDOWS\system32\mshta.exe
    524 C:\WINDOWS\system32\mshta.exe
    3800 C:\WINDOWS\system32\mshta.exe
    2804 C:\WINDOWS\system32\mshta.exe
    3696 C:\WINDOWS\system32\mshta.exe
    3528 C:\WINDOWS\system32\mshta.exe
    4048 C:\WINDOWS\system32\mshta.exe
    2520 C:\WINDOWS\system32\mshta.exe
    2212 C:\WINDOWS\system32\mshta.exe
    208 C:\WINDOWS\system32\mshta.exe
    4716 C:\Program Files\Internet Explorer\iexplore.exe
    2780 C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    3852 C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
    4596 C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Done!
     
  9. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    ComboFix log

    ComboFix 10-10-29.03 - atinker 10/30/2010 8:49.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.467 [GMT -4:00]
    Running from: c:\documents and settings\atinker\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\atinker\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\documents and settings\atinker\Application Data\Install.dat
    c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}
    c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\chrome.manifest
    c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\chrome\content\_cfg.js
    c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\chrome\content\overlay.xul
    c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\install.rdf
    c:\documents and settings\atinker\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\temp\abW9
    c:\windows\run.log
    c:\windows\system32\Data
    c:\windows\system32\uniq.tll
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_USNJSVC
    -------\Service_usnjsvc


    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\atinker\Application Data\Malwarebytes
    2010-10-30 00:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-30 00:14 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-14 00:51 . 2010-10-14 00:51 151552 ----a-w- c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    2010-10-14 00:51 . 2010-10-14 00:51 -------- d-----w- c:\program files\PopCap Games
    2010-10-13 21:26 . 2010-10-13 21:26 165 ----a-w- c:\documents and settings\atinker\Application Data\del.bat
    2010-10-13 21:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-13 21:07 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 21:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 21:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 16:23 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2005-08-16 08:18 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2005-08-16 08:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16 . 2005-08-16 08:18 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16 . 2005-08-16 08:18 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16 . 2005-08-16 08:18 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49 . 2005-08-16 08:18 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51 . 2005-08-16 08:18 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-08-16 08:18 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2005-08-16 08:18 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-08-16 08:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2005-08-16 08:18 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-05-04 20:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2005-08-16 08:18 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2005-08-16 08:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-21 24576]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-20 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    2006-06-29 18:17 319488 ----a-w- c:\program files\Napster\napster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aim6.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\atinker\\My Documents\\Quake3\\quake3.exe"=
    "c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/20/2010 5:20 PM 10384]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/21/2007 11:33 PM 24652]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-10-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]

    2010-10-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.dell.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk
    FF - ProfilePath - c:\documents and settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\
    FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Hdutiwoniqivuxe - c:\windows\a32rfp1n.dll
    MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 08:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(664)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(2520)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\dllhost.exe
    c:\windows\stsystra.exe
    c:\windows\system32\Rundll32.exe
    c:\windows\eHome\ehmsas.exe
    c:\docume~1\atinker\LOCALS~1\Temp\clclean.0001
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-30 09:04:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-30 13:04

    Pre-Run: 32,102,469,632 bytes free
    Post-Run: 32,010,915,840 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - B641DD1FAFB8DD8A1012EACBA4176072
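    Reading the MBRCheck and ComboFix output above by eye is slow, and the items a responder pulls out first are the same every time: images running from a Temp directory (clclean.0001, uftdipow.sys), a dozen concurrent mshta.exe instances, the At1.job to At24.job task files ComboFix removed, and the Security Center DisableMonitoring values. The script below, an added example that is not part of this thread or of either tool, runs those checks over log text. Its sample input is constructed from a few lines modelled on the posts (not a verbatim copy), and the mshta threshold and the regexes are this example's own assumptions.

```python
"""Triage heuristics for MBRCheck / ComboFix style log text.

Added example for this thread; it is not part of MBRCheck, ComboFix or the
original posts. Thresholds and regexes are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the lines posted above (not a verbatim copy).
SAMPLE_LOG = r"""
Processes (total 12):
592 C:\WINDOWS\system32\smss.exe
1040 C:\DOCUME~1\atinker\LOCALS~1\Temp\clclean.0001
688 C:\WINDOWS\system32\mshta.exe
540 C:\WINDOWS\system32\mshta.exe
272 C:\WINDOWS\system32\mshta.exe
524 C:\WINDOWS\system32\mshta.exe
4716 C:\Program Files\Internet Explorer\iexplore.exe
0xB933E000 \??\C:\DOCUME~1\atinker\LOCALS~1\Temp\uftdipow.sys
0xBA423000 \SystemRoot\System32\Drivers\HTTP.sys
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\AppleSoftwareUpdate.job
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
"""

PROC_RE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")                # "<pid> <image path>"
DRIVER_RE = re.compile(r"^\s*0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")   # "<load addr> <driver path>"
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)                 # image lives under a Temp dir
AT_JOB_RE = re.compile(r"\\Tasks\\At(\d+)\.job\s*$", re.IGNORECASE)  # at.exe-style task files
REG_KEY_RE = re.compile(r"^\s*\[(.+)\]\s*$")
REG_VALUE_RE = re.compile(r'^\s*"([^"]+)"=(.*?)\s*$')


@dataclass
class Findings:
    temp_images: list = field(default_factory=list)
    mshta_count: int = 0
    at_jobs: list = field(default_factory=list)
    monitoring_disabled: list = field(default_factory=list)


def triage(log_text):
    """Walk the log once and collect the indicators defined above."""
    f = Findings()
    current_key = None
    for line in log_text.splitlines():
        m = PROC_RE.match(line)
        if m:
            image = m.group(2)
            if image.lower().endswith("\\mshta.exe"):
                f.mshta_count += 1
            if TEMP_RE.search(image):
                f.temp_images.append(image)
            continue
        m = DRIVER_RE.match(line)
        if m:
            if TEMP_RE.search(m.group(1)):
                f.temp_images.append(m.group(1))
            continue
        m = AT_JOB_RE.search(line)
        if m:
            f.at_jobs.append(int(m.group(1)))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)  # remember the key for the value lines that follow
            continue
        m = REG_VALUE_RE.match(line)
        if m and current_key and "security center\\monitoring\\" in current_key.lower():
            name, data = m.groups()
            if name.lower() == "disablemonitoring" and data.lower() == "dword:00000001":
                f.monitoring_disabled.append(current_key.rsplit("\\", 1)[-1])
    return f


def summarize(f, mshta_threshold=3):
    """Turn findings into reviewer notes; the mshta threshold is an assumption."""
    notes = []
    if f.temp_images:
        notes.append("code loaded from a Temp directory: " + ", ".join(f.temp_images))
    if f.mshta_count >= mshta_threshold:
        notes.append(f"{f.mshta_count} concurrent mshta.exe instances; identify the HTA each one runs")
    if f.at_jobs:
        notes.append(f"{len(f.at_jobs)} at.exe-style task files (At{min(f.at_jobs)}..At{max(f.at_jobs)}.job)")
    if f.monitoring_disabled:
        notes.append("Security Center monitoring disabled for: " + ", ".join(f.monitoring_disabled))
    return notes


if __name__ == "__main__":
    for note in summarize(triage(SAMPLE_LOG)):
        print("-", note)
```

    Run it over a saved log rather than the sample. It produces an indicator list, not a verdict: At*.job files are created by anyone who uses at.exe, and a randomly named driver in %TEMP% may be a scanner's own transient driver (some rootkit scanners load one that way), so check each hit against what the user actually ran before acting on it.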
     
  10. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add/Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ======================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\atinker\Application Data\del.bat
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
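    The Registry:: section of a CFScript uses the same syntax as a .reg file: "Name"=- removes a value and [-Key] removes a whole key. The script above therefore deletes the two DisableMonitoring values that the ComboFix log reported under security center\Monitoring. The following parser, an added example that is neither ComboFix code nor part of the original post, models that syntax against a dictionary standing in for the registry, using the observed values as the starting state; it never touches a real registry, and only the dword and string encodings seen in this thread are decoded.

```python
"""Model of the Registry:: section of a ComboFix CFScript.

Added example for this thread; it is not ComboFix code and does not touch a
real registry. The Registry:: block uses .reg (REGEDIT4) syntax, where
"Name"=- deletes a value and [-Key] deletes a key; both are modelled here.
"""
import re

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')


def decode(data):
    """Decode the .reg data encodings this thread uses (dword and string)."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace("\\\\", "\\")  # .reg strings escape backslashes
    return data  # hex:, expand strings etc. are left undecoded in this example


def parse_reg_script(text):
    """Parse REGEDIT4 / Registry:: lines into (action, key, name, data) ops."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.endswith("::"):
            continue  # blank line, file header, or a CFScript section marker
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                ops.append(("delete_key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, data = m.groups()
            if data == "-":
                ops.append(("delete_value", key, name, None))
            else:
                ops.append(("set_value", key, name, decode(data)))
    return ops


def apply_ops(registry, ops):
    """Apply ops to a dict-of-dicts registry model; returns a change list."""
    changes = []
    for action, key, name, data in ops:
        k = key.lower()  # registry key and value names are case-insensitive
        if action == "delete_key":
            if registry.pop(k, None) is not None:
                changes.append(f"deleted key {key}")
        elif action == "delete_value":
            if registry.get(k, {}).pop(name.lower(), None) is not None:
                changes.append(f"deleted {key}\\{name}")
        elif action == "set_value":
            registry.setdefault(k, {})[name.lower()] = data
            changes.append(f"set {key}\\{name} = {data!r}")
    return changes


# State as the ComboFix log reported it (same two values, same data).
OBSERVED = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
"""

# The Registry:: section of the CFScript posted above.
CFSCRIPT_REGISTRY = r"""Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
"""


def simulate():
    """Build the observed state, then run the script's Registry:: ops against it."""
    reg = {}
    apply_ops(reg, parse_reg_script(OBSERVED))
    before = {k: dict(v) for k, v in reg.items()}
    changes = apply_ops(reg, parse_reg_script(CFSCRIPT_REGISTRY))
    return before, reg, changes


if __name__ == "__main__":
    _, after, changes = simulate()
    print("\n".join(changes))
    print("values left under Monitoring:", sum(len(v) for v in after.values()))
```

    The same parser reads both the REGEDIT4 block ComboFix printed and the Registry:: block of the script, which is the point: a value line with data on the right sets, a bare - deletes, and a leading - inside the brackets deletes the key. Feeding a script through a model like this before dragging it onto ComboFix.exe is a cheap way to catch a typo that would delete the wrong key.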
     
  11. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    ComboFix log

    I uninstalled Viewpoint Manager and Media Player but could not find Viewpoint Toolbar to uninstall.
    Here is the ComboFix Log

    ComboFix 10-10-29.03 - atinker 10/30/2010 14:27:29.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.508 [GMT -4:00]
    Running from: c:\documents and settings\atinker\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\atinker\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\documents and settings\atinker\Application Data\del.bat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\atinker\Application Data\del.bat

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\atinker\Application Data\Malwarebytes
    2010-10-30 00:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-30 00:14 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-14 00:51 . 2010-10-14 00:51 151552 ----a-w- c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    2010-10-14 00:51 . 2010-10-14 00:51 -------- d-----w- c:\program files\PopCap Games
    2010-10-13 21:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-13 21:07 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 21:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 21:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 16:23 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2005-08-16 08:18 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2005-08-16 08:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16 . 2005-08-16 08:18 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16 . 2005-08-16 08:18 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16 . 2005-08-16 08:18 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49 . 2005-08-16 08:18 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51 . 2005-08-16 08:18 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-08-16 08:18 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2005-08-16 08:18 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-08-16 08:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2005-08-16 08:18 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-05-04 20:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2005-08-16 08:18 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2005-08-16 08:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-21 24576]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-20 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    2006-06-29 18:17 319488 ----a-w- c:\program files\Napster\napster.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aim6.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\atinker\\My Documents\\Quake3\\quake3.exe"=
    "c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/20/2010 5:20 PM 10384]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-10-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]

    2010-10-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.dell.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk
    FF - ProfilePath - c:\documents and settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\
    FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 14:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(664)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    Completion time: 2010-10-30 14:37:25
    ComboFix-quarantined-files.txt 2010-10-30 18:37
    ComboFix2.txt 2010-10-30 13:04

    Pre-Run: 32,018,026,496 bytes free
    Post-Run: 32,006,422,528 bytes free

    - - End Of File - - 72D46CB03DE4A18C7A753869B6EABACA
  12. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    OTL log part 1

    The computer seems to be working better. I haven't seen any memory warnings for a while. I still get a missing DLL message when the computer boots. I'll try to copy the message and post it.
    Here is the log.

    OTL logfile created on: 10/30/2010 7:30:06 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\atinker\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 566.00 Mb Available Physical Memory | 55.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 29.80 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
    Drive D: | 702.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TINKER | User Name: atinker | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    PRC - [2010/10/30 14:43:28 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\atinker\Local Settings\temp\clclean.0001
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2008/08/06 11:21:06 | 000,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
    PRC - [2007/07/25 19:11:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2006/08/21 08:03:10 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    PRC - [2005/09/15 09:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2004/04/07 12:07:34 | 000,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/08/21 08:03:10 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
    DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/21 08:10:08 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/07 13:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2005/09/07 13:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/06 21:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
    DRV - [2005/03/25 16:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}:1.9.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/13 20:51:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 14:20:17 | 000,000,000 | ---D | M]

    [2009/06/29 10:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atinker\Application Data\Mozilla\Extensions
    [2010/10/17 12:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\extensions
    [2009/09/10 18:28:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/17 12:35:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/10 00:02:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/10 00:01:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/10/13 20:51:56 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

    O1 HOSTS File: ([2010/10/30 14:35:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
    O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
    O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/30 19:28:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    [2010/10/30 08:47:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/30 08:43:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/30 08:43:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/30 08:43:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/30 08:43:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/30 08:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/30 08:43:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/29 20:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\Application Data\Malwarebytes
    [2010/10/29 20:14:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/29 20:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/29 20:14:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/29 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/29 19:57:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\TFC.exe
    [2010/10/21 02:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\My Documents\digi
    [2010/10/13 20:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games

    ========== Files - Modified Within 30 Days ==========

    [2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    [2010/10/30 14:43:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/30 14:43:23 | 000,014,025 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/10/30 14:42:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/30 14:42:23 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/30 14:35:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/30 08:47:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2010/10/30 08:39:36 | 003,895,619 | R--- | M] () -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
    [2010/10/30 08:35:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
    [2010/10/29 20:36:04 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\m76hnk6o.exe
    [2010/10/29 20:14:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/29 19:58:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\TFC.exe
    [2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/27 00:24:59 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\System Defragmenter.lnk
    [2010/10/26 20:04:56 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences2.dat
    [2010/10/26 19:53:22 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences.dat
    [2010/10/25 17:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/25 11:19:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/19 12:56:37 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/15 01:11:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/10/14 03:31:58 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/14 03:14:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/13 20:50:45 | 000,284,184 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\PopCapPluginInstaller_v2_en.exe
    [2010/10/13 17:26:02 | 000,010,053 | ---- | M] () -- C:\WINDOWS\System32\234.js
    [2010/10/07 03:05:28 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/07 03:05:28 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/01 01:00:28 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

    ========== Files Created - No Company Name ==========

    [2010/10/30 08:47:15 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2010/10/30 08:47:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/30 08:43:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/30 08:43:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/30 08:43:36 | 000,084,992 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 08:43:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/30 08:43:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/30 08:39:24 | 003,895,619 | R--- | C] () -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
    [2010/10/30 08:35:25 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
    [2010/10/29 20:35:59 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\m76hnk6o.exe
    [2010/10/29 20:14:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/27 00:24:59 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\System Defragmenter.lnk
    [2010/10/13 20:50:45 | 000,284,184 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\PopCapPluginInstaller_v2_en.exe
    [2010/10/13 15:26:23 | 000,010,053 | ---- | C] () -- C:\WINDOWS\System32\234.js
    [2008/10/24 22:19:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/10/24 22:19:44 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/10/24 22:19:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2007/12/03 03:17:21 | 000,000,551 | ---- | C] () -- C:\WINDOWS\Qiii.INI
    [2007/12/03 03:17:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
    [2006/08/25 15:27:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/08/25 13:52:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\atinker\Local Settings\Application Data\fusioncache.dat
    [2006/08/21 08:25:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/21 08:16:21 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/21 08:07:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/21 08:03:39 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
    [2006/08/21 07:38:00 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
    [2006/08/21 07:36:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/31 12:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
    [2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 04:18:33 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
    [2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
    [2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
     
  14. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    OTL log part 2

    ========== LOP Check ==========

    [2008/07/03 16:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2006/08/30 22:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/10/30 14:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/04/12 17:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/02/05 21:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/10/15 01:11:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/10/01 01:00:28 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/30 02:54:19 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/10/30 08:47:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/30 14:37:26 | 000,012,017 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/08/21 07:42:56 | 000,006,975 | RH-- | M] () -- C:\dell.sdr
    [2010/10/30 14:42:23 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/29 10:07:20 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2007/12/03 03:23:18 | 000,000,174 | ---- | M] () -- C:\INSTALL.LOG
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/09/09 17:58:33 | 000,000,370 | -H-- | M] () -- C:\IPH.PH
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/08 21:53:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/30 14:42:22 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/09 07:47:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/03/09 12:44:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/03/11 21:50:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/03/19 12:40:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/03/28 22:04:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/01/19 20:35:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/01/22 14:08:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/01/23 14:07:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/02/08 15:15:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/02/10 13:29:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/02/11 07:46:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/02/11 13:46:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/02/21 23:12:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/02/22 02:06:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/02/22 18:29:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/02/23 00:56:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/02/28 17:11:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/03/08 13:00:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/03/08 13:04:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/03/09 00:12:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/03/09 07:47:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/03/09 12:44:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/03/11 21:50:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/03/19 12:40:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/03/28 22:04:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/01/19 20:35:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/01/22 14:08:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/01/23 14:07:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/02/08 15:15:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/02/10 13:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/02/11 07:46:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/02/11 13:46:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/02/21 23:12:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/02/22 02:06:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/02/22 18:29:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/02/23 00:56:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/02/28 17:11:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/03/08 13:00:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/03/08 13:04:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/03/09 00:12:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2006/08/21 08:10:30 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2009/04/25 01:04:19 | 000,000,000 | ---- | M] () -- C:\VETlog.dmp
    [2007/11/16 08:48:54 | 000,016,591 | ---- | M] () -- C:\VETlog.txt
    [2010/04/12 17:05:12 | 000,000,162 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/07/08 22:02:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2004/06/23 11:40:18 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/07/08 22:30:59 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/16 04:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/30 08:39:36 | 003,895,619 | R--- | M] () -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
    [2008/07/03 16:40:52 | 014,287,528 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\atinker\Desktop\Install_AIM.exe
    [2009/08/01 22:40:55 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\atinker\Desktop\install_flash_player.exe
    [2010/10/29 20:36:04 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\m76hnk6o.exe
    [2010/10/30 08:35:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
    [2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
    [2010/10/13 20:50:45 | 000,284,184 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\PopCapPluginInstaller_v2_en.exe
    [2010/10/29 19:58:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2001/01/16 13:20:02 | 000,405,504 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\atinker\My Documents\demo32.exe
    [2008/01/16 00:26:21 | 006,026,816 | ---- | M] (Mozilla) -- C:\Documents and Settings\atinker\My Documents\Firefox Setup 2.0.0.11.exe
    [2009/02/05 21:17:41 | 069,076,264 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\atinker\My Documents\iTunesSetup.exe
    [2000/08/24 13:44:18 | 000,077,824 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\atinker\My Documents\Setup.exe
    [2007/01/31 18:38:58 | 000,413,696 | ---- | M] (e-academy Inc.) -- C:\Documents and Settings\atinker\My Documents\VS_Net_2005_Standard_Downloader.exe
    [2007/12/03 01:17:00 | 009,479,520 | ---- | M] () -- C:\Documents and Settings\atinker\My Documents\winzip111.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/07/08 22:30:59 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\atinker\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/30 19:27:20 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\atinker\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  15. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    Extras Log

    OTL Extras logfile created on: 10/30/2010 7:30:09 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\atinker\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 566.00 Mb Available Physical Memory | 55.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 29.80 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
    Drive D: | 702.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TINKER | User Name: atinker | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\1156535100\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1156535100\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\1156535100\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1156535100\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
    "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\atinker\My Documents\Quake3\quake3.exe" = C:\Documents and Settings\atinker\My Documents\Quake3\quake3.exe:*:Disabled:quake3 -- ()
    "C:\Program Files\Ruckus Player\Ruckus.exe" = C:\Program Files\Ruckus Player\Ruckus.exe:*:Disabled:Ruckus -- ( )
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
    "C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}" = Microsoft Baseline Security Analyzer 2.0
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_6" = AIM 6
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
    "ATI Display Driver" = ATI Display Driver
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESPNMotion" = ESPNMotion
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PartyPokerNet" = PartyPokerNet
    "PopCap Browser Plugin" = PopCap Browser Plugin
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "Ruckus Player" = Ruckus Player
    "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
    "StarCraft II" = StarCraft II
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "Warcraft III" = Warcraft III

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/12/2010 2:58:08 AM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/12/2010 2:58:09 AM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/12/2010 3:09:33 PM | Computer Name = TINKER | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x7ad00090.

    Error - 10/12/2010 3:17:52 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/12/2010 9:06:08 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/17/2010 12:24:55 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application iTunes.exe, version 8.0.2.20, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/25/2010 4:41:42 PM | Computer Name = TINKER | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
    longer than 90000 ms to complete a request. The process will be terminated. Thread
    id : 3648 (0xe40) Thread address : 0x12024A78 Thread message : Build VSCORE.14.0.0.435
    / 5400.1158 Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\MCAFEE\VIRUSSCAN\MCINSUPD.EXE

    by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

    5004(0)(0)

    Error - 10/27/2010 9:42:03 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application mcshell.exe, version 9.15.160.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/27/2010 9:42:19 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application mcshell.exe, version 9.15.160.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/27/2010 9:43:17 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
    Description = Hanging application mcshell.exe, version 9.15.160.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 10/7/2010 3:43:34 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.

    Error - 10/8/2010 3:43:37 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.

    Error - 10/10/2010 8:13:57 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.

    Error - 10/14/2010 3:30:40 AM | Computer Name = TINKER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the mcmscsvc service.

    Error - 10/15/2010 6:55:23 AM | Computer Name = TINKER | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.100 for the Network Card with network
    address 001372E312EC has been denied by the DHCP server 192.168.2.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/16/2010 11:25:38 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.

    Error - 10/17/2010 11:25:41 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.

    Error - 10/18/2010 11:25:47 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.

    Error - 10/21/2010 7:18:47 AM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.

    Error - 10/22/2010 7:18:50 AM | Computer Name = TINKER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.100 on
    the Network Card with network address 001372E312EC.


    < End of report >
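As an added example (not code from this thread, from OTL or from its author), the script below shows how a defender can review the Security Center, Firewall Settings and Authorized Applications sections of an OTL-style report like the one above instead of reading them by eye. It parses the `[key]` / `"name" = data` layout, decodes the firewall port rules (`port:proto:scope:state:name`) and application exceptions (`path:scope:state:name`), and flags the states that matter: Security Center monitoring or notifications switched off, firewall notifications off, open ports whose scope is `*` rather than the local subnet, and enabled exceptions for executables living in user-writable locations. The embedded report text is a constructed sample modelled on the format seen in the thread, not the actual machine's output; the function and finding names are my own.

```python
"""Review Security Center / firewall sections of an OTL-style report.

Example code added for illustration; it is not part of OTL or of the
thread's logs.  SAMPLE_REPORT is a constructed input that mimics the
report layout shown in the thread.
"""
import re

# Constructed sample (format modelled on the OTL report; values invented).
SAMPLE_REPORT = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"4444:TCP" = 4444:TCP:*:Enabled:remote helper

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\user\Local Settings\Temp\helper.exe" = C:\Documents and Settings\user\Local Settings\Temp\helper.exe:*:Enabled:helper -- ()
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
APP_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^:]*):(?P<scope>[^:]*):"
                    r"(?P<state>Enabled|Disabled):(?P<name>.*)$")

# Path fragments that an ordinary user (and therefore malware running as
# that user) can write to; an enabled firewall exception there is suspect.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def parse_report(text):
    """Return {registry_key: {value_name: data}} from the [key] / "name" = data layout."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def parse_port_rule(data):
    """Decode a GloballyOpenPorts entry: port:proto:scope:state:name."""
    port, proto, scope, state, name = data.split(":", 4)
    return {"port": int(port), "proto": proto, "scope": scope,
            "enabled": state == "Enabled", "name": name}


def parse_app_rule(data):
    """Decode an AuthorizedApplications entry: path:scope:state:name (None if malformed)."""
    m = APP_RE.match(data)
    if not m:
        return None
    return {"path": m.group("path"), "scope": m.group("scope"),
            "enabled": m.group("state") == "Enabled", "name": m.group("name")}


def review(text):
    """Return a list of (finding, detail) tuples worth a human's attention."""
    findings = []
    for key, values in parse_report(text).items():
        low = key.lower()
        if low.endswith("\\security center"):
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify"):
                if values.get(name) == "1":
                    findings.append(("notify-disabled", name))
        if "\\security center\\monitoring\\" in low and values.get("DisableMonitoring") == "1":
            findings.append(("monitoring-disabled", key.rsplit("\\", 1)[1]))
        if low.endswith("\\firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall") == "0":
                findings.append(("firewall-off", "StandardProfile"))
            if values.get("DisableNotifications") == "1":
                findings.append(("firewall-notify-disabled", "StandardProfile"))
        if low.endswith("\\globallyopenports\\list"):
            for data in values.values():
                r = parse_port_rule(data)
                if r["enabled"] and r["scope"] == "*":
                    findings.append(("open-port-any-scope", f'{r["port"]}/{r["proto"]} {r["name"]}'))
        if low.endswith("\\authorizedapplications\\list"):
            for data in values.values():
                r = parse_app_rule(data)
                if r and r["enabled"] and any(t in r["path"].lower() for t in USER_WRITABLE):
                    findings.append(("exception-user-writable-path", r["path"]))
    return findings


if __name__ == "__main__":
    for kind, detail in review(SAMPLE_REPORT):
        print(f"{kind:30} {detail}")
```

Run it on a saved OTL report by reading the file into `review()`; a clean machine with the stock XP firewall yields no findings, while `DisableMonitoring = 1` under a Security Center\Monitoring key is exactly the kind of entry a rogue "security" product sets and that the fix scripts in this thread remove.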
     
  16. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    Missing DLL message is gone

    I just rebooted and the missing DLL message is gone.
    I'll take that as a good thing.
     
  17. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    I need to know exact names of missing dlls.

    ========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
      O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [2010/10/30 14:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2004/06/23 11:40:18 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      C:\*.sqm
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  18. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    OTL Log

    I no longer get any missing DLL messages. Here is the OTL log, scans next as I finish them.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\WINDOWS\Updreg.EXE moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    C:\sqmdata00.sqm moved successfully.
    C:\sqmdata01.sqm moved successfully.
    C:\sqmdata02.sqm moved successfully.
    C:\sqmdata03.sqm moved successfully.
    C:\sqmdata04.sqm moved successfully.
    C:\sqmdata05.sqm moved successfully.
    C:\sqmdata06.sqm moved successfully.
    C:\sqmdata07.sqm moved successfully.
    C:\sqmdata08.sqm moved successfully.
    C:\sqmdata09.sqm moved successfully.
    C:\sqmdata10.sqm moved successfully.
    C:\sqmdata11.sqm moved successfully.
    C:\sqmdata12.sqm moved successfully.
    C:\sqmdata13.sqm moved successfully.
    C:\sqmdata14.sqm moved successfully.
    C:\sqmdata15.sqm moved successfully.
    C:\sqmdata16.sqm moved successfully.
    C:\sqmdata17.sqm moved successfully.
    C:\sqmdata18.sqm moved successfully.
    C:\sqmdata19.sqm moved successfully.
    C:\sqmnoopt00.sqm moved successfully.
    C:\sqmnoopt01.sqm moved successfully.
    C:\sqmnoopt02.sqm moved successfully.
    C:\sqmnoopt03.sqm moved successfully.
    C:\sqmnoopt04.sqm moved successfully.
    C:\sqmnoopt05.sqm moved successfully.
    C:\sqmnoopt06.sqm moved successfully.
    C:\sqmnoopt07.sqm moved successfully.
    C:\sqmnoopt08.sqm moved successfully.
    C:\sqmnoopt09.sqm moved successfully.
    C:\sqmnoopt10.sqm moved successfully.
    C:\sqmnoopt11.sqm moved successfully.
    C:\sqmnoopt12.sqm moved successfully.
    C:\sqmnoopt13.sqm moved successfully.
    C:\sqmnoopt14.sqm moved successfully.
    C:\sqmnoopt15.sqm moved successfully.
    C:\sqmnoopt16.sqm moved successfully.
    C:\sqmnoopt17.sqm moved successfully.
    C:\sqmnoopt18.sqm moved successfully.
    C:\sqmnoopt19.sqm moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: atinker
    ->Temp folder emptied: 12482157 bytes
    ->Temporary Internet Files folder emptied: 9525795 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 1201 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: gtinker
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 21.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: atinker
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: gtinker

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.1 log created on 10302010_222209

    Files\Folders moved on Reboot...
    C:\Documents and Settings\atinker\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp moved successfully.
    C:\Documents and Settings\atinker\Local Settings\Temp\clclean.0001.dir.0001\~efe2.tmp moved successfully.

    Registry entries deleted on Reboot...
     
  19. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Good news :)
     
  20. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    Security Check error when copying

    I tried to download the Security Check but received the following message:
    Error Copying file or Folder
    Cannot copy SecurityCheck{1}: Access is denied
    Make sure the disk is not full or write-protected
    and that the file is not currently in use

    I deleted the log files that were made during these efforts and did run TFC as it was already on my desktop, rebooted and still can't download it.
    I checked and I have about 29 GB of free space.
    The drive being full was one of the error messages we would get along with the memory errors before we started cleaning.
     
  21. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  22. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    Security Check log

    Figured it out. McAfee was preventing me from opening or saving the file; it thought it was a trojan.

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee SecurityCenter
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 7.0
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.0.19) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VIRUSS~1 mcshield.exe
    McAfee VIRUSS~1 mcsysmon.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  23. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    1. Update Firefox

    2. Update IE to at least version 7.

    3. Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.

    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page (screenshot from the original post not reproduced here):

    make sure you have both boxes UN-checked AND (important!) click on the Decline button.

    4. I still need Eset log.
     
  24. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    ESET Scan Log

    C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4144.0.4\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
     
  25. gdt55

    gdt55 TS Rookie Topic Starter Posts: 67

    Updates

    I did all of the updates.
    I still have a program icon on my desktop for System Defragmenter.
    Can I uninstall it? My son says he didn't install it.
     