Solved We have a virus or trojan

Status
Not open for further replies.
G

gdt55

Posts: 67   +0
My son's computer started giving him memory warnings and messages about files or DLL not loading. A program named System Defragmenter has also somehow been loaded on his system. I have followed the 8 steps and have not uninstalled the program. Here are the requested logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4994

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/29/2010 8:30:38 PM
mbam-log-2010-10-29 (20-30-38).txt

Scan type: Quick scan
Objects scanned: 160238
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upd32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\atinker\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ldinfo.ldr (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\atinker\Application Data\dsfsds.bat (Malware.Trace) -> Quarantined and deleted successfully.
 
gmer log part 1

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-29 22:00:53
Windows 5.1.2600 Service Pack 3
Running: m76hnk6o.exe; Driver: C:\DOCUME~1\atinker\LOCALS~1\Temp\uftdipow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEE03078A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEE030821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE030738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEE03074C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEE030835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEE030861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEE0308CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEE0308B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEE0307CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEE0308FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEE03080D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEE030710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEE030724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEE03079E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEE030937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEE0308A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEE03088D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEE03084B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEE030923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEE03090F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEE030776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEE030762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEE030877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE0307F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEE0308E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE0307E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE0307B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----
 
gmer log part 2

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70098
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70087
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F7006C
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F7005B
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7002F
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F700C6
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F7E
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F7010D
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700FC
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70128
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70040
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7000A
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F700A9
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70FC3
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\System32\svchost.exe[188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F700E1
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60080
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F6002F
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60014
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F6006F
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60054
.text C:\WINDOWS\System32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60FC3
.text C:\WINDOWS\System32\svchost.exe[188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50042
.text C:\WINDOWS\System32\svchost.exe[188] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FB7
.text C:\WINDOWS\System32\svchost.exe[188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F5000C
.text C:\WINDOWS\System32\svchost.exe[188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50027
.text C:\WINDOWS\System32\svchost.exe[188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FD2
.text C:\WINDOWS\System32\svchost.exe[188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F41
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F5C
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F79
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F15
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070ED3
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070EEE
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070087
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F26
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F83
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050F9C
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FAD
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005000C
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E2008C
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E20F8D
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E20FA8
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E2005B
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E200B3
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E20F6B
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E20F3C
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E200DF
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E20F2B
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E20FC3
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E20F7C
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E20040
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E20025
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E200CE
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E10F9E
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E10025
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E10FB9
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E10FD4
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E10F68
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E10FE5
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E10F8D
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E0004C
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E00FC1
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E0000C
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E00FE3
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E00027
.text C:\WINDOWS\system32\lsass.exe[724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E00FD2
.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DF0FE5
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0F5A
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0045
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0028
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0F75
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0F97
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD007B
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0060
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD00AE
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD009D
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD0EF0
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0F86
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F3F
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0FCD
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD008C
 
gmer log part 3

.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FC0040
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FC0FA8
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FC0025
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FC000A
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FC0065
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FC0FB9
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1C, 89] {SBB AL, 0x89}
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB004E
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB003D
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB0FD7
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB0022
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB0011
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50FA0
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C5009F
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50084
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50073
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50047
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C500CD
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C500B0
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50F45
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C50F56
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C500EF
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C50058
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C50011
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C50F85
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C5002C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C50FDB
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C500DE
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C40FDE
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C40FBC
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C4006F
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C40FCD
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E4, 88] {IN AL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C4004A
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30069
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FDE
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30029
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30044
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3000C
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20000
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03D60FE5
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03D6006E
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03D60F6F
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03D6003D
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03D6002C
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03D6001B
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03D600AB
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03D6009A
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03D600E1
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03D600C6
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03D60F2D
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03D60F94
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03D60FD4
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03D6007F
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03D60FAF
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03D60000
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03D60F3E
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03D50FCA
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03D50051
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03D50FE5
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03D50011
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03D50F94
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03D50000
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03D50036
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03D50FAF
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03D4006E
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 03D40049
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03D4002E
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03D40000
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03D40FD9
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03D40011
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03D20000
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 03D3001B
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 03D30000
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 03D3002C
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 03D3003D
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007B0F91
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007B0090
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007B0FB6
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007B0073
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007B0062
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007B0F65
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007B00AD
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B00EA
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B00D9
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007B00FB
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007B0FD1
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007B001B
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007B0F76
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007B0047
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007B0036
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007B00C8
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007A0036
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007A0F9E
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007A0FE5
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007A0025
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007A0FAF
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007A0FC0
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9A, 88]
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007A0047
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00790F8B
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!system 77C293C7 5 Bytes JMP 00790F9C
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00790FC8
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00790FB7
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00790FE3
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D7000A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70087
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70076
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70065
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70FA8
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70040
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D700AE
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70F66
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D70F15
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D70F30
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D70F04
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70FB9
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D70F77
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D70025
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D70F4B
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D60FC0
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D6005B
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D60FDB
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60011
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D60F94
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60FA5
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D6002C
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D50FA6
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D50027
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D50FD2
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D50FB7
.text C:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D50FE3
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D40FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E40000
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E4007F
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E4006E
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E40053
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01E40F94
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01E40FA5
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01E400BC
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01E400AB
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01E40103
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E400E8
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01E40114
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01E4002C
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01E40FDB
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01E4009A
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01E40FC0
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01E40011
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01E400CD
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01480FC3
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01480F72
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0148001E
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01480FDE
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01480039
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01480FEF
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01480F97
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [68, 89]
.text C:\WINDOWS\Explorer.EXE[1732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01480FA8
.text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0147003F
.text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!system 77C293C7 5 Bytes JMP 01470FB4
.text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01470FD9
.text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01470000
.text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0147002E
.text C:\WINDOWS\Explorer.EXE[1732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0147001D
.text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 01460000
.text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01460FEF
.text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01460FBE
.text C:\WINDOWS\Explorer.EXE[1732] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01460FAD
.text C:\WINDOWS\Explorer.EXE[1732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01450FEF
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AC0089
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AC0078
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC005D
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AC0036
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AC0F41
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AC0F52
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC00B5
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC00A4
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC0F01
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AC0F9E
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AC0F6F
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AC0F30
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AB0033
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AB0098
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AB0022
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AB0011
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AB0FD1
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AB0069
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AB004E
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AA0FAF
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AA0044
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AA0022
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AA0033
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AA0011
.text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00A90FDE
.text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00A90020
.text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenUrlW 771D5BB2 3 Bytes JMP 00A9003B
.text C:\WINDOWS\system32\svchost.exe[1820] WININET.dll!InternetOpenUrlW + 4 771D5BB6 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[1820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0098
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0087
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0FAD
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FCA
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0051
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00C9
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F81
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00DA
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F41
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0F30
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD006C
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0011
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F92
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FDB
.text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F5C
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0051
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0F94
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FAF
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC002C
.text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0038
.text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB001D
.text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FC8
.text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB000C
.text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FAD
.text C:\WINDOWS\system32\svchost.exe[2336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[2336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00FE5
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00080
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F8B
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F9C
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00FB9
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F49
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F66
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000BD
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F24
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F13
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00051
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00091
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00036
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\dllhost.exe[3748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000A2
.text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0F92
.text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FAD
.text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE001D
.text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FC8
.text C:\WINDOWS\system32\dllhost.exe[3748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FE3
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FAF
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F80
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FDE
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0047
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF0036
.text C:\WINDOWS\system32\dllhost.exe[3748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0025
.text C:\WINDOWS\system32\dllhost.exe[3748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat B9321D20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
 
Attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/25/2006 1:51:15 PM
System Uptime: 10/29/2010 8:32:29 PM (2 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 29.991 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1177: 8/2/2010 11:44:02 PM - System Checkpoint
RP1178: 8/3/2010 3:00:17 AM - Software Distribution Service 3.0
RP1179: 8/4/2010 3:07:04 AM - System Checkpoint
RP1180: 8/5/2010 5:16:24 AM - System Checkpoint
RP1181: 8/6/2010 5:58:31 AM - System Checkpoint
RP1182: 8/7/2010 6:29:03 AM - System Checkpoint
RP1183: 8/8/2010 7:29:02 AM - System Checkpoint
RP1184: 8/9/2010 8:29:04 AM - System Checkpoint
RP1185: 8/10/2010 9:29:01 AM - System Checkpoint
RP1186: 8/11/2010 10:29:00 AM - System Checkpoint
RP1187: 8/12/2010 3:00:46 AM - Software Distribution Service 3.0
RP1188: 8/13/2010 3:41:25 AM - System Checkpoint
RP1189: 8/14/2010 3:56:18 AM - System Checkpoint
RP1190: 8/15/2010 4:56:18 AM - System Checkpoint
RP1191: 8/16/2010 5:57:23 AM - System Checkpoint
RP1192: 8/17/2010 6:56:19 AM - System Checkpoint
RP1193: 8/18/2010 7:31:05 AM - System Checkpoint
RP1194: 8/19/2010 8:31:04 AM - System Checkpoint
RP1195: 8/20/2010 9:31:07 AM - System Checkpoint
RP1196: 8/21/2010 10:31:05 AM - System Checkpoint
RP1197: 8/22/2010 11:52:10 AM - System Checkpoint
RP1198: 8/23/2010 12:31:07 PM - System Checkpoint
RP1199: 8/24/2010 1:31:07 PM - System Checkpoint
RP1200: 8/25/2010 1:32:13 PM - System Checkpoint
RP1201: 8/26/2010 2:31:09 PM - System Checkpoint
RP1202: 8/27/2010 3:31:08 PM - System Checkpoint
RP1203: 8/28/2010 4:27:02 PM - System Checkpoint
RP1204: 8/30/2010 12:17:22 AM - System Checkpoint
RP1205: 8/31/2010 2:03:04 AM - System Checkpoint
RP1206: 9/1/2010 2:31:14 AM - System Checkpoint
RP1207: 9/2/2010 3:31:16 AM - System Checkpoint
RP1208: 9/3/2010 4:31:18 AM - System Checkpoint
RP1209: 9/4/2010 5:31:15 AM - System Checkpoint
RP1210: 9/5/2010 6:31:15 AM - System Checkpoint
RP1211: 9/6/2010 7:31:17 AM - System Checkpoint
RP1212: 9/7/2010 8:41:28 AM - System Checkpoint
RP1213: 9/8/2010 3:00:19 AM - Software Distribution Service 3.0
RP1214: 9/9/2010 3:31:16 AM - System Checkpoint
RP1215: 9/10/2010 4:31:20 AM - System Checkpoint
RP1216: 9/11/2010 5:23:32 AM - System Checkpoint
RP1217: 9/12/2010 5:31:18 AM - System Checkpoint
RP1218: 9/13/2010 7:59:32 AM - System Checkpoint
RP1219: 9/14/2010 8:32:25 AM - System Checkpoint
RP1220: 9/15/2010 9:31:19 AM - System Checkpoint
RP1221: 9/16/2010 3:00:43 AM - Software Distribution Service 3.0
RP1222: 9/17/2010 4:15:21 AM - System Checkpoint
RP1223: 9/18/2010 4:33:04 AM - System Checkpoint
RP1224: 9/19/2010 5:34:09 AM - System Checkpoint
RP1225: 9/20/2010 7:25:07 AM - System Checkpoint
RP1226: 9/21/2010 7:33:02 AM - System Checkpoint
RP1227: 9/22/2010 8:30:44 AM - System Checkpoint
RP1228: 9/23/2010 8:33:05 AM - System Checkpoint
RP1229: 9/24/2010 9:33:06 AM - System Checkpoint
RP1230: 9/25/2010 10:33:07 AM - System Checkpoint
RP1231: 9/26/2010 11:33:06 AM - System Checkpoint
RP1232: 9/27/2010 12:33:06 PM - System Checkpoint
RP1233: 9/28/2010 1:41:17 PM - System Checkpoint
RP1234: 9/29/2010 3:00:23 AM - Software Distribution Service 3.0
RP1235: 9/30/2010 3:33:08 AM - System Checkpoint
RP1236: 10/1/2010 4:33:08 AM - System Checkpoint
RP1237: 10/2/2010 5:33:08 AM - System Checkpoint
RP1238: 10/3/2010 6:33:09 AM - System Checkpoint
RP1239: 10/4/2010 7:53:35 AM - System Checkpoint
RP1240: 10/5/2010 8:33:08 AM - System Checkpoint
RP1241: 10/6/2010 8:34:14 AM - System Checkpoint
RP1242: 10/7/2010 3:00:21 AM - Software Distribution Service 3.0
RP1243: 10/8/2010 3:00:25 AM - Software Distribution Service 3.0
RP1244: 10/9/2010 3:33:10 AM - System Checkpoint
RP1245: 10/10/2010 4:33:10 AM - System Checkpoint
RP1246: 10/11/2010 5:33:10 AM - System Checkpoint
RP1247: 10/12/2010 6:34:14 AM - System Checkpoint
RP1248: 10/13/2010 7:51:54 AM - System Checkpoint
RP1249: 10/14/2010 3:01:05 AM - Software Distribution Service 3.0
RP1250: 10/15/2010 3:35:58 AM - System Checkpoint
RP1251: 10/16/2010 4:10:00 AM - System Checkpoint
RP1252: 10/17/2010 4:59:18 AM - System Checkpoint
RP1253: 10/18/2010 5:59:18 AM - System Checkpoint
RP1254: 10/19/2010 7:01:43 AM - System Checkpoint
RP1255: 10/20/2010 7:59:03 AM - System Checkpoint
RP1256: 10/21/2010 7:59:18 AM - System Checkpoint
RP1257: 10/22/2010 8:59:19 AM - System Checkpoint
RP1258: 10/23/2010 9:59:20 AM - System Checkpoint
RP1259: 10/24/2010 10:59:20 AM - System Checkpoint
RP1260: 10/25/2010 11:00:25 AM - System Checkpoint
RP1261: 10/26/2010 11:59:20 AM - System Checkpoint
RP1262: 10/27/2010 12:47:26 PM - System Checkpoint
RP1263: 10/28/2010 1:06:21 PM - System Checkpoint
RP1264: 10/29/2010 2:06:21 PM - System Checkpoint

==== Installed Programs ======================

725plc32
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
AIM 6
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Bonjour
Bonjour Core for Windows
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD Jukebox Zen Xtra
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
erLT
ESPNMotion
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
Google Toolbar for Internet Explorer
Goombah Partner COM Server
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
KhalInstallWrapper
Learn2 Player (Uninstall Only)
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Move Media Player
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Napster
Napster Burn Engine
NetWaiting
NetZeroInstallers
Otto
PartyPokerNet
PopCap Browser Plugin
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Ruckus Player
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
StarCraft II
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Warcraft III
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

10/29/2010 8:33:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/29/2010 8:00:12 PM, error: Service Control Manager [7034] - The Creative Labs Licensing Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 8:00:12 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 8:00:11 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 8:00:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
10/29/2010 8:00:11 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 8:00:10 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 8:00:10 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 8:00:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 8:00:08 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 8:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/28/2010 4:03:35 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 960 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/28/2010 4:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/28/2010 2:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/28/2010 12:33:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/28/2010 12:18:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/28/2010 1:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/27/2010 12:18:19 AM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 001372E312EC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/25/2010 4:42:11 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
 
DDS log

DDS (Ver_10-10-21.02) - NTFSx86
Run by atinker at 22:06:25.25 on Fri 10/29/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\atinker\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\atinker\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Hdutiwoniqivuxe] rundll32.exe "c:\windows\a32rfp1n.dll",Startup
uRun: [1011938437] c:\docume~1\atinker\locals~1\temp\1011938437.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\atinker\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 209.85.74.6 www2.hobowars.com.
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\atinker\applic~1\mozilla\firefox\profiles\at0tu0ks.default\
FF - plugin: c:\documents and settings\atinker\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\atinker\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51} - c:\documents and settings\atinker\local settings\application data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-8 214664]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-20 10384]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-7-8 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-7-8 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-21 24652]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-8 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-8 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-8 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-8 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-7-8 606736]

=============== Created Last 30 ================

2010-10-30 00:14:52 -------- d-----w- c:\docume~1\atinker\applic~1\Malwarebytes
2010-10-30 00:14:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 00:14:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-30 00:14:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 00:14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 00:51:56 151552 ----a-w- c:\program files\mozilla firefox\plugins\nppopcaploader.dll
2010-10-14 00:51:56 -------- d-----w- c:\program files\PopCap Games
2010-10-13 21:26:04 165 ----a-w- c:\docume~1\atinker\applic~1\del.bat
2010-10-13 21:07:33 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 21:07:32 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 21:07:32 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 21:06:50 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-28 06:47:40 0 ----a-w- c:\windows\Cjolobituyi.bin
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:06:55.04 ===============
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 151):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7992000 \WINDOWS\system32\KDCOM.DLL
0xF78A2000 \WINDOWS\system32\BOOTVID.dll
0xF7492000 djyq.sys
0xF7363000 ACPI.sys
0xF7994000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7352000 pci.sys
0xF74A2000 isapnp.sys
0xF7A5A000 pciide.sys
0xF7712000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74B2000 MountMgr.sys
0xF7333000 ftdisk.sys
0xF7996000 dmload.sys
0xF730D000 dmio.sys
0xF771A000 PartMgr.sys
0xF74C2000 VolSnap.sys
0xF72F5000 atapi.sys
0xF74D2000 disk.sys
0xF74E2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72D5000 fltmgr.sys
0xF72C3000 sr.sys
0xF72AD000 DRVMCDB.SYS
0xF7722000 PxHelp20.sys
0xF7296000 KSecDD.sys
0xF7209000 Ntfs.sys
0xF71DC000 NDIS.sys
0xF71C2000 Mup.sys
0xF7562000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF688F000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF687B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6853000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF780A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF682F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7812000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF67FB000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF67D8000 \SystemRoot\system32\DRIVERS\ks.sys
0xF66D9000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6632000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF781A000 \SystemRoot\System32\Drivers\Modem.SYS
0xF660A000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7572000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79AE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF7582000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7592000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75A2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7822000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7972000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7BC8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF797A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65F3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF782A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF65E2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75F2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7832000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF783A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7842000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF65B2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7602000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF784A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7852000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79B0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6554000 \SystemRoot\system32\DRIVERS\update.sys
0xF7189000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7612000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE4B9000 \SystemRoot\system32\drivers\sthda.sys
0xEE495000 \SystemRoot\system32\drivers\portcls.sys
0xF7642000 \SystemRoot\system32\drivers\drmk.sys
0xEE2AB000 \SystemRoot\system32\drivers\sigfilt.sys
0xF7169000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF7662000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF69F0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF69EC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7672000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF785A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7862000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF69E8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7682000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
0xF7692000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xEE230000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF79B6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B7F000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7872000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF787A000 \SystemRoot\System32\drivers\vga.sys
0xF79BA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7882000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF788A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF69E0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE1D5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE17C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE155000 \SystemRoot\System32\Drivers\Mpfp.sys
0xF76B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEE12F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF793E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF76C2000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xEE107000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE0E5000 \SystemRoot\System32\drivers\afd.sys
0xF76D2000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE0BA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEE04A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEE017000 \SystemRoot\system32\drivers\mfehidk.sys
0xF76F2000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7B8D000 \SystemRoot\System32\Drivers\LHidEqd.Sys
0xF7892000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xF789A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xEDF3E000 \SystemRoot\System32\Drivers\Udfs.SYS
0xEDF26000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79C0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF652A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7752000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BE5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF07D000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEE425000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7AC6000 \SystemRoot\System32\DLA\DLADResN.SYS
0xEBE70000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xEBF0E000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF79D6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF775A000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xEBE58000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xEBE42000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xEBEB2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEBB35000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBCD2000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A0C000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF7A0E000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xBA423000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7ACD000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xBA2DB000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA540000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF77F2000 \SystemRoot\system32\drivers\mfebopk.sys
0xB9588000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB933E000 \??\C:\DOCUME~1\atinker\LOCALS~1\Temp\uftdipow.sys
0xB931A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA0A7000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB96C2000 \SystemRoot\system32\drivers\mfesmfk.sys
0xB906F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
640 csrss.exe
668 C:\WINDOWS\system32\winlogon.exe
712 C:\WINDOWS\system32\services.exe
724 C:\WINDOWS\system32\lsass.exe
916 C:\WINDOWS\system32\ati2evxx.exe
932 C:\WINDOWS\system32\svchost.exe
988 svchost.exe
1088 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1252 svchost.exe
1424 C:\WINDOWS\system32\spoolsv.exe
1732 C:\WINDOWS\explorer.exe
1820 svchost.exe
1860 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1872 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1884 C:\Program Files\Bonjour\mDNSResponder.exe
1912 C:\WINDOWS\system32\CTSVCCDA.EXE
1932 C:\WINDOWS\ehome\ehrecvr.exe
1976 C:\WINDOWS\ehome\ehSched.exe
188 C:\WINDOWS\system32\svchost.exe
212 C:\Program Files\Java\jre6\bin\jqs.exe
436 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
568 C:\WINDOWS\ehome\ehtray.exe
576 C:\WINDOWS\stsystra.exe
608 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
620 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
624 C:\WINDOWS\system32\rundll32.exe
1040 C:\DOCUME~1\atinker\LOCALS~1\Temp\clclean.0001
1048 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1080 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
1172 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
1368 C:\Program Files\McAfee.com\Agent\mcagent.exe
1400 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1520 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
1640 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1648 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
1692 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1880 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1904 C:\WINDOWS\system32\ctfmon.exe
2100 C:\Program Files\McAfee\MPF\MpfSrv.exe
2336 svchost.exe
2484 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2588 C:\WINDOWS\system32\MsPMSPSv.exe
2844 mcrdsvc.exe
2856 C:\Program Files\Digital Line Detect\DLG.exe
3032 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3192 wmpnetwk.exe
3748 C:\WINDOWS\system32\dllhost.exe
3860 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
1120 alg.exe
1344 C:\WINDOWS\ehome\ehmsas.exe
2620 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
3588 wmiprvse.exe
1476 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
688 C:\WINDOWS\system32\mshta.exe
2656 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
540 C:\WINDOWS\system32\mshta.exe
272 C:\WINDOWS\system32\mshta.exe
524 C:\WINDOWS\system32\mshta.exe
3800 C:\WINDOWS\system32\mshta.exe
2804 C:\WINDOWS\system32\mshta.exe
3696 C:\WINDOWS\system32\mshta.exe
3528 C:\WINDOWS\system32\mshta.exe
4048 C:\WINDOWS\system32\mshta.exe
2520 C:\WINDOWS\system32\mshta.exe
2212 C:\WINDOWS\system32\mshta.exe
208 C:\WINDOWS\system32\mshta.exe
4716 C:\Program Files\Internet Explorer\iexplore.exe
2780 C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
3852 C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
4596 C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!
 
Combfix log

ComboFix 10-10-29.03 - atinker 10/30/2010 8:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.467 [GMT -4:00]
Running from: c:\documents and settings\atinker\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\atinker\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\atinker\Application Data\Install.dat
c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}
c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\chrome.manifest
c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\chrome\content\_cfg.js
c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\chrome\content\overlay.xul
c:\documents and settings\atinker\Local Settings\Application Data\{BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}\install.rdf
c:\documents and settings\atinker\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\temp\abW9
c:\windows\run.log
c:\windows\system32\Data
c:\windows\system32\uniq.tll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\atinker\Application Data\Malwarebytes
2010-10-30 00:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 00:14 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 00:51 . 2010-10-14 00:51 151552 ----a-w- c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
2010-10-14 00:51 . 2010-10-14 00:51 -------- d-----w- c:\program files\PopCap Games
2010-10-13 21:26 . 2010-10-13 21:26 165 ----a-w- c:\documents and settings\atinker\Application Data\del.bat
2010-10-13 21:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 21:07 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 21:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 21:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 08:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 08:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2005-08-16 08:18 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2005-08-16 08:18 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2005-08-16 08:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2005-08-16 08:18 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2005-08-16 08:18 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-08-16 08:18 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-08-16 08:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-08-16 08:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-08-16 08:18 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-04 20:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2005-08-16 08:18 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2005-08-16 08:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-21 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-06-29 18:17 319488 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aim6.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\atinker\\My Documents\\Quake3\\quake3.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/20/2010 5:20 PM 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/21/2007 11:33 PM 24652]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
.
Contents of the 'Scheduled Tasks' folder

2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]

2010-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\
FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Hdutiwoniqivuxe - c:\windows\a32rfp1n.dll
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 08:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2520)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\docume~1\atinker\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-10-30 09:04:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-30 13:04

Pre-Run: 32,102,469,632 bytes free
Post-Run: 32,010,915,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B641DD1FAFB8DD8A1012EACBA4176072
 
Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

======================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\documents and settings\atinker\Application Data\del.bat


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
CombFix log

I uninstalled Viewpoint Manager and Media Player but could not find Viewpoint Toolbar to uninstall.
Here is the ComboFix Log

ComboFix 10-10-29.03 - atinker 10/30/2010 14:27:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.508 [GMT -4:00]
Running from: c:\documents and settings\atinker\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\atinker\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\atinker\Application Data\del.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\atinker\Application Data\del.bat

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\atinker\Application Data\Malwarebytes
2010-10-30 00:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-30 00:14 . 2010-10-30 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 00:14 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 00:51 . 2010-10-14 00:51 151552 ----a-w- c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
2010-10-14 00:51 . 2010-10-14 00:51 -------- d-----w- c:\program files\PopCap Games
2010-10-13 21:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 21:07 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 21:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 21:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 08:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 08:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 08:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2005-08-16 08:18 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2005-08-16 08:18 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2005-08-16 08:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2005-08-16 08:18 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2005-08-16 08:18 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-08-16 08:18 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-08-16 08:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-08-16 08:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-08-16 08:18 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-04 20:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2005-08-16 08:18 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2005-08-16 08:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-21 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-06-29 18:17 319488 ----a-w- c:\program files\Napster\napster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156535100\\ee\\aim6.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\atinker\\My Documents\\Quake3\\quake3.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/20/2010 5:20 PM 10384]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
.
Contents of the 'Scheduled Tasks' folder

2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]

2010-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\
FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\atinker\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-10-30 14:37:25
ComboFix-quarantined-files.txt 2010-10-30 18:37
ComboFix2.txt 2010-10-30 13:04

Pre-Run: 32,018,026,496 bytes free
Post-Run: 32,006,422,528 bytes free

- - End Of File - - 72D46CB03DE4A18C7A753869B6EABACA
 
Looks good :)

How is computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log part 1

The computer seems to be working better. I haven't seen any memory warnings for a while. I still get a missing DLL message when the computer boots. I'll try to copy the message and post it.
Here is the log.

OTL logfile created on: 10/30/2010 7:30:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\atinker\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 566.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 29.80 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
Drive D: | 702.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TINKER | User Name: atinker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
PRC - [2010/10/30 14:43:28 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\atinker\Local Settings\temp\clclean.0001
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/08/06 11:21:06 | 000,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/07/25 19:11:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/08/21 08:03:10 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/15 09:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/04/07 12:07:34 | 000,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/08/21 08:03:10 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/21 08:10:08 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/07 13:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 13:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/06 21:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/25 16:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {BEEF54CF-A206-4F41-AA77-E8A2CF5F5A51}:1.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/13 20:51:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 14:20:17 | 000,000,000 | ---D | M]

[2009/06/29 10:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atinker\Application Data\Mozilla\Extensions
[2010/10/17 12:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\extensions
[2009/09/10 18:28:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/17 12:35:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/10 00:02:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/10 00:01:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/13 20:51:56 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: ([2010/10/30 14:35:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 19:28:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
[2010/10/30 08:47:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/30 08:43:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/30 08:43:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/30 08:43:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/30 08:43:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/30 08:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/30 08:43:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 20:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\Application Data\Malwarebytes
[2010/10/29 20:14:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/29 20:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/29 20:14:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/29 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/29 19:57:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\TFC.exe
[2010/10/21 02:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\atinker\My Documents\digi
[2010/10/13 20:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games

========== Files - Modified Within 30 Days ==========

[2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
[2010/10/30 14:43:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 14:43:23 | 000,014,025 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/10/30 14:42:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/30 14:42:23 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 14:35:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/30 08:47:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/10/30 08:39:36 | 003,895,619 | R--- | M] () -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
[2010/10/30 08:35:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
[2010/10/29 20:36:04 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\m76hnk6o.exe
[2010/10/29 20:14:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 19:58:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\TFC.exe
[2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/27 00:24:59 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\System Defragmenter.lnk
[2010/10/26 20:04:56 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences2.dat
[2010/10/26 19:53:22 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\atinker\jagex_runescape_preferences.dat
[2010/10/25 17:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/25 11:19:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 12:56:37 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/15 01:11:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/10/14 03:31:58 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 03:14:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 20:50:45 | 000,284,184 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\PopCapPluginInstaller_v2_en.exe
[2010/10/13 17:26:02 | 000,010,053 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/10/07 03:05:28 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 03:05:28 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/01 01:00:28 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

========== Files Created - No Company Name ==========

[2010/10/30 08:47:15 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/10/30 08:47:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/30 08:43:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/30 08:43:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/30 08:43:36 | 000,084,992 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/30 08:43:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/30 08:43:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/30 08:39:24 | 003,895,619 | R--- | C] () -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
[2010/10/30 08:35:25 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
[2010/10/29 20:35:59 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\m76hnk6o.exe
[2010/10/29 20:14:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 00:24:59 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\System Defragmenter.lnk
[2010/10/13 20:50:45 | 000,284,184 | ---- | C] () -- C:\Documents and Settings\atinker\Desktop\PopCapPluginInstaller_v2_en.exe
[2010/10/13 15:26:23 | 000,010,053 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2008/10/24 22:19:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/10/24 22:19:44 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/10/24 22:19:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/12/03 03:17:21 | 000,000,551 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2007/12/03 03:17:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/08/25 15:27:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/25 13:52:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\atinker\Local Settings\Application Data\fusioncache.dat
[2006/08/21 08:25:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/21 08:16:21 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/21 08:07:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/21 08:03:39 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/08/21 07:38:00 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/08/21 07:36:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 12:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:18:33 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
OTL log part 2

========== LOP Check ==========

[2008/07/03 16:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/08/30 22:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/10/30 14:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/12 17:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/02/05 21:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/10/15 01:11:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/10/01 01:00:28 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/30 02:54:19 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/10/30 08:47:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/30 14:37:26 | 000,012,017 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/21 07:42:56 | 000,006,975 | RH-- | M] () -- C:\dell.sdr
[2010/10/30 14:42:23 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/29 10:07:20 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/12/03 03:23:18 | 000,000,174 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/09/09 17:58:33 | 000,000,370 | -H-- | M] () -- C:\IPH.PH
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/08 21:53:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/30 14:42:22 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/03/09 07:47:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/03/09 12:44:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/03/11 21:50:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/03/19 12:40:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/03/28 22:04:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/01/19 20:35:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/01/22 14:08:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/23 14:07:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/02/08 15:15:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/02/10 13:29:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/02/11 07:46:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/02/11 13:46:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/02/21 23:12:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/02/22 02:06:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/02/22 18:29:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/02/23 00:56:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/02/28 17:11:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/03/08 13:00:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/03/08 13:04:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/03/09 00:12:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/03/09 07:47:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/03/09 12:44:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/03/11 21:50:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/03/19 12:40:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/03/28 22:04:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/01/19 20:35:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/01/22 14:08:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/23 14:07:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/02/08 15:15:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/02/10 13:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/02/11 07:46:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/02/11 13:46:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/02/21 23:12:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/02/22 02:06:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/02/22 18:29:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/02/23 00:56:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/02/28 17:11:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/03/08 13:00:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/03/08 13:04:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/03/09 00:12:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/08/21 08:10:30 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/04/25 01:04:19 | 000,000,000 | ---- | M] () -- C:\VETlog.dmp
[2007/11/16 08:48:54 | 000,016,591 | ---- | M] () -- C:\VETlog.txt
[2010/04/12 17:05:12 | 000,000,162 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/08 22:02:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2004/06/23 11:40:18 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/07/08 22:30:59 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 04:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\atinker\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/30 08:39:36 | 003,895,619 | R--- | M] () -- C:\Documents and Settings\atinker\Desktop\ComboFix.exe
[2008/07/03 16:40:52 | 014,287,528 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\atinker\Desktop\Install_AIM.exe
[2009/08/01 22:40:55 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\atinker\Desktop\install_flash_player.exe
[2010/10/29 20:36:04 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\m76hnk6o.exe
[2010/10/30 08:35:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\MBRCheck.exe
[2010/10/30 19:28:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\OTL.exe
[2010/10/13 20:50:45 | 000,284,184 | ---- | M] () -- C:\Documents and Settings\atinker\Desktop\PopCapPluginInstaller_v2_en.exe
[2010/10/29 19:58:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\atinker\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2001/01/16 13:20:02 | 000,405,504 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\atinker\My Documents\demo32.exe
[2008/01/16 00:26:21 | 006,026,816 | ---- | M] (Mozilla) -- C:\Documents and Settings\atinker\My Documents\Firefox Setup 2.0.0.11.exe
[2009/02/05 21:17:41 | 069,076,264 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\atinker\My Documents\iTunesSetup.exe
[2000/08/24 13:44:18 | 000,077,824 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\atinker\My Documents\Setup.exe
[2007/01/31 18:38:58 | 000,413,696 | ---- | M] (e-academy Inc.) -- C:\Documents and Settings\atinker\My Documents\VS_Net_2005_Standard_Downloader.exe
[2007/12/03 01:17:00 | 009,479,520 | ---- | M] () -- C:\Documents and Settings\atinker\My Documents\winzip111.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/07/08 22:30:59 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\atinker\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/30 19:27:20 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\atinker\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Extras Log

OTL Extras logfile created on: 10/30/2010 7:30:09 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\atinker\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 566.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 29.80 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
Drive D: | 702.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TINKER | User Name: atinker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1156535100\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1156535100\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1156535100\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1156535100\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\atinker\My Documents\Quake3\quake3.exe" = C:\Documents and Settings\atinker\My Documents\Quake3\quake3.exe:*:Disabled:quake3 -- ()
"C:\Program Files\Ruckus Player\Ruckus.exe" = C:\Program Files\Ruckus Player\Ruckus.exe:*:Disabled:Ruckus -- ( )
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}" = Microsoft Baseline Security Analyzer 2.0
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Creative Jukebox Driver" = Creative Jukebox Driver
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PartyPokerNet" = PartyPokerNet
"PopCap Browser Plugin" = PopCap Browser Plugin
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Ruckus Player" = Ruckus Player
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StarCraft II" = StarCraft II
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2010 2:58:08 AM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2010 2:58:09 AM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2010 3:09:33 PM | Computer Name = TINKER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x7ad00090.

Error - 10/12/2010 3:17:52 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2010 9:06:08 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2010 12:24:55 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 8.0.2.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2010 4:41:42 PM | Computer Name = TINKER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3648 (0xe40) Thread address : 0x12024A78 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\MCAFEE\VIRUSSCAN\MCINSUPD.EXE

by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 10/27/2010 9:42:03 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application mcshell.exe, version 9.15.160.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2010 9:42:19 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application mcshell.exe, version 9.15.160.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2010 9:43:17 PM | Computer Name = TINKER | Source = Application Hang | ID = 1002
Description = Hanging application mcshell.exe, version 9.15.160.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/7/2010 3:43:34 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.

Error - 10/8/2010 3:43:37 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.

Error - 10/10/2010 8:13:57 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.

Error - 10/14/2010 3:30:40 AM | Computer Name = TINKER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 10/15/2010 6:55:23 AM | Computer Name = TINKER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 001372E312EC has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/16/2010 11:25:38 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.

Error - 10/17/2010 11:25:41 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.

Error - 10/18/2010 11:25:47 PM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.

Error - 10/21/2010 7:18:47 AM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.

Error - 10/22/2010 7:18:50 AM | Computer Name = TINKER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 001372E312EC.


< End of report >
 
Missing DLL message is gone

I just rebooted and the missing DLL message is gone.
I'll take that as a good thing.
 
I still get a missing DLL message when the computer boots
Click to expand...
I need to know exact names of missing dlls.

========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\atinker\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
[2010/10/30 14:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/06/23 11:40:18 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-

:Files
C:\*.sqm

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL Log

I no longer get any missing DLL messages. Here is the OTL log, scans next as I finish them.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\WINDOWS\Updreg.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: atinker
->Temp folder emptied: 12482157 bytes
->Temporary Internet Files folder emptied: 9525795 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1201 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: gtinker
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: atinker
->Flash cache emptied: 0 bytes

User: Default User

User: gtinker

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10302010_222209

Files\Folders moved on Reboot...
C:\Documents and Settings\atinker\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp moved successfully.
C:\Documents and Settings\atinker\Local Settings\Temp\clclean.0001.dir.0001\~efe2.tmp moved successfully.

Registry entries deleted on Reboot...
 
Security Check error when copying

I tried to download the Security Check but recieved the following message;
Error Copying file or Folder
Cannot copy SecurityCheck{1}: Access is denied
Maker sure the disk is not full or write-protected
and that the file is not currently in use

I deleted the log files that were made during these efforts and did run TFC as it was already on my desktop, rebooted and still can't download it.
I checked and I have about 29 GB of free space.
The drive being full was one of the error messages we would get along with the memory errors before we started cleaning.
 
Security Check log

Figured it out. McAfee was preventing me from opening or saving the file, it thought it was a trojan.

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee SecurityCenter
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
1. Update Firefox

2. Update IE to at least version 7.

3. Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

FoxitReaderInstallation.png


make sure, you have both boxes UN-checked AND (important!) click on Decline button

4. I still need Eset log.
 
ESET Scan Log

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4144.0.4\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
 
Updates

I did all of the updates.
I still have a program icon on my desktop for System Defragmenter.
Can I unistall it? My son says he didn't install it.
 
Status
Not open for further replies.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
405
Fastturtle
F
A
Use Rust or C#, abandon C++: Five Eyes agencies warn about memory safety in programming...
Replies
8
Views
406
gamerk2
gamerk2
A
WinRAR's latest release fixes a dangerous RCE security vulnerability
Replies
8
Views
575
ZedRM
ZedRM

Latest posts

Back