Solved Internet searches redirect to unwanted pages

BigSand

Hello, I've fallen victim to my web searches redirecting me to unwanted pages.
I've gone through the 8-step virus removal steps, and the redirecting is still happening,
but my browser is loading pages faster now.
I'm using McAfee Antivirus Plus, Internet Explorer 8.

These are the logs from the 8 step process.
Thanks for any help, BigSand

==========


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5806

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/18/2011 7:41:15 PM
mbam-log-2011-02-18 (19-41-15).txt

Scan type: Quick scan
Objects scanned: 151233
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 42
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 31
Files Infected: 124

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.CSBHO (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.CSBHO.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CometAppUtil.CometUIEvents (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CometAppUtil.CometUIEvents.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CometIEToolbar.CometToolbar (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CometIEToolbar.CometToolbar.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.CometFrame (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.CometFrame.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.CometWindow (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.CometWindow.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.FileInfo (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.FileInfo.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.System (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Core.System.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSBand.HorizontalIEBand (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSBand.HorizontalIEBand.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSBand.VerticalIEBand (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSBand.VerticalIEBand.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSEng.CSEngine (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSEng.CSEngine.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSEng.CSHost (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSEng.CSHost.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSEng.EvHandler (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSEng.EvHandler.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSIP.CSCollection (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSIP.CSCollection.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSIP.CSIPDispatch (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSIP.CSIPDispatch.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSIP.CSIPPacket (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CSIP.CSIPPacket.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cc2k (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\Comet (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Bin (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Core (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Data (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Install (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\funbutton (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\refbutton (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\relatedsearch (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\screensaver (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Shared (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\smileytown (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Travel (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\webbutton (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\License (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\LogQueue (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\campaigns (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\campaigns\AdZap (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\listeners (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Temp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Update (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapaieqqpxpe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\Comet\Bin\csinstall.exe (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Bin\unins.ico (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Data\csres.dat (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1b.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1bl.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1br.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1l.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1r.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1t.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1tl.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\1tr.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\adzap.html (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\adzap.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\adzap.wav (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\adzap_tb.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\azunins.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\cap1a.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\cap1b.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\cap2a.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\cap2b.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\cap3a.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\cap3b.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\except.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\header.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\pubutton.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\pubutton_alert.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\pubutton_off.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\scr_adzap.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\sump.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\sys_except.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\adzap\zapometer.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\funbutton\funbutton.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\refbutton\refbutton.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\refbutton\refbutton.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\relatedsearch\related.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\relatedsearch\related.xsl (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\screensaver\screensaver.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Shared\autosrch.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Shared\related.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Shared\tbproducts.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\smileytown\smileytown.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\smileytown\smileytown.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\smileytown\smileytown.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Travel\cars.xsl (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Travel\flights.xsl (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Travel\hotels.xsl (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Travel\travel.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\Travel\travel_context.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Products\webbutton\webbutton.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\band.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\cnfmgr.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\context.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\controlpanel.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\license.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\logging.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\masterconfig.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\tbmgr.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\toolbar.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\update.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\utillauncher.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\winutil.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\addremove.htm (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\addremove.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\addremove_cc.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\armask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\arskin.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\cc3.ico (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\strip.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\stripend.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\titlelabel_ar.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\addremove\title_arui.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\License\adzap.lic (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\messaging.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\settings.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_left.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_left_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_left_small.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_left_small_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_right.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_right_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_right_small.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\1line_right_small_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_left.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_left_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_left_small.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_left_small_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_right.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_right_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_right_small.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\2line_right_small_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_left.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_left_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_left_small.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_left_small_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_right.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_right_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_right_small.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\3line_right_small_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\defaultbuttonmessage.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\Base\message.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\campaigns\AdZap\bandmessage.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\campaigns\AdZap\band_bubble.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\campaigns\AdZap\band_bubble_mask.gif (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\campaigns\AdZap\buttonmessage.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\listeners\adzap_0001.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Services\messaging\listeners\travel_0001.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Temp\intro.js (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_adzap.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_autosearch.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_errorsearch.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_funbutton.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_platform.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_refbutton.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_relatedsearch.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_screensaver.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_searchassist.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_smileytown.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_travel.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\uninstall\un_webbutton.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Update\travelbutton.bmp (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\Comet\Update\un_travelbutton.xml (Adware.Comet) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapaieqqpxpe\pragmacfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmapaieqqpxpe\pragmasrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.
====================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-18 19:58:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST380011A rev.8.16
Running: pbcu7uul.exe; Driver: C:\DOCUME~1\Tom\LOCALS~1\Temp\kwloapow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF84A70E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF84A70F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF84A7120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF84A70CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF84A70A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF84A70B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF84A710A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF84A714C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF84A7136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 83365422
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 83365422
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 83365422
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 83365422

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380011A_______________________________8.16____#4a35485635444656202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
============================
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Searches being redirected

Thank you for your help. Along with my web searches being redirected, also happening is new windows opening up without clicking on anything. Of course, they ultimately want to sell me something.
Here are the other logs requested in the 8 step process.
Thanks, BigSand


DDS (Ver_10-12-12.02) - NTFSx86
Run by Tom at 20:05:15.79 on Fri 02/18/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.196 [GMT -6:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
svchost.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Documents and Settings\Tom\Desktop\Virus Removal Tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101103132358.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Starware: {edc4193f-34ad-4d07-aa87-e3fdb89e3e76} - c:\progra~1\comet\bin\csband.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Easy Dock]
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Easy Dock]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {563E7741-AF29-4C3D-9A67-22D07B8521F8} = 206.9.64.100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 84072]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S2 0140671298049203mcinstcleanup;McAfee Application Installer Cleanup (0140671298049203);c:\windows\temp\014067~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\014067~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9930c59c2e53d;Google Update Service (gupdate1c9930c59c2e53d);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-18 38224]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 84264]
S3 o1394bul;o1394bul;\??\c:\docume~1\tom\locals~1\temp\o1394bul.sys --> c:\docume~1\tom\locals~1\temp\o1394bul.sys [?]

=============== Created Last 30 ================

2011-02-19 01:28:33 -------- d-----w- c:\docume~1\tom\applic~1\Malwarebytes
2011-02-19 01:28:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 01:28:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-19 01:28:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 01:28:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 16:37:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-18 16:37:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-18 04:05:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-02-18 04:05:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\nLiAnDm15405
2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2000-09-24 06:27:18 33554896 -c--a-w- c:\program files\fo-psp7.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x833655DC]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8336b7b8]; MOV EAX, [0x8336b834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x833CBAB8]
3 CLASSPNP[0xF86C7FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x83381CA8]
\Driver\atapi[0x8330DD10] -> IRP_MJ_CREATE -> 0x833655DC
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380011A_______________________________8.16____#4a35485635444656202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x83365422
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 20:08:57.03 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/9/2004 12:35:23 PM
System Uptime: 2/18/2011 7:44:22 PM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 72 GiB total, 47.544 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_413C&PID_5115&MI_03\6&B574F60&0&0003
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_413C&PID_5115&MI_03\6&B574F60&0&0003
Service: USBSTOR

==== System Restore Points ===================

RP1935: 11/21/2010 9:20:50 AM - System Checkpoint
RP1936: 11/22/2010 10:18:23 AM - System Checkpoint
RP1937: 11/23/2010 10:57:32 AM - System Checkpoint
RP1938: 11/24/2010 11:21:26 AM - System Checkpoint
RP1939: 11/25/2010 12:21:26 PM - System Checkpoint
RP1940: 11/26/2010 12:32:25 PM - System Checkpoint
RP1941: 11/27/2010 12:43:20 PM - System Checkpoint
RP1942: 11/28/2010 12:59:52 PM - System Checkpoint
RP1943: 11/29/2010 1:28:33 PM - System Checkpoint
RP1944: 11/30/2010 1:30:12 PM - System Checkpoint
RP1945: 12/1/2010 1:55:44 PM - System Checkpoint
RP1946: 12/2/2010 2:02:12 PM - System Checkpoint
RP1947: 12/3/2010 2:16:43 PM - System Checkpoint
RP1948: 12/4/2010 2:58:56 PM - System Checkpoint
RP1949: 12/5/2010 7:39:18 PM - System Checkpoint
RP1950: 12/6/2010 7:56:38 PM - System Checkpoint
RP1951: 12/7/2010 8:16:38 PM - System Checkpoint
RP1952: 12/8/2010 9:00:01 PM - System Checkpoint
RP1953: 12/9/2010 9:27:23 PM - System Checkpoint
RP1954: 12/11/2010 9:37:31 AM - System Checkpoint
RP1955: 12/12/2010 10:21:49 AM - System Checkpoint
RP1956: 12/13/2010 10:23:58 AM - System Checkpoint
RP1957: 12/14/2010 10:54:05 AM - System Checkpoint
RP1958: 12/15/2010 11:51:30 AM - System Checkpoint
RP1959: 12/15/2010 10:15:09 PM - Software Distribution Service 3.0
RP1960: 12/17/2010 9:06:13 AM - System Checkpoint
RP1961: 12/18/2010 9:21:26 AM - System Checkpoint
RP1962: 12/19/2010 9:42:41 AM - System Checkpoint
RP1963: 12/20/2010 9:54:14 AM - System Checkpoint
RP1964: 12/21/2010 10:18:17 AM - System Checkpoint
RP1965: 12/22/2010 10:28:37 AM - System Checkpoint
RP1966: 12/23/2010 11:43:56 AM - System Checkpoint
RP1967: 12/24/2010 1:10:40 PM - System Checkpoint
RP1968: 12/25/2010 1:15:05 PM - System Checkpoint
RP1969: 12/26/2010 1:56:12 PM - System Checkpoint
RP1970: 12/27/2010 2:48:46 PM - System Checkpoint
RP1971: 12/28/2010 3:29:21 PM - System Checkpoint
RP1972: 12/29/2010 4:11:47 PM - System Checkpoint
RP1973: 12/30/2010 4:53:43 PM - System Checkpoint
RP1974: 12/31/2010 7:31:26 PM - System Checkpoint
RP1975: 1/1/2011 8:16:03 PM - System Checkpoint
RP1976: 1/2/2011 8:33:37 PM - System Checkpoint
RP1977: 1/3/2011 9:18:29 PM - System Checkpoint
RP1978: 1/5/2011 6:42:23 AM - System Checkpoint
RP1979: 1/6/2011 9:38:33 AM - System Checkpoint
RP1980: 1/7/2011 10:06:53 AM - System Checkpoint
RP1981: 1/8/2011 10:17:58 AM - System Checkpoint
RP1982: 1/9/2011 8:22:54 PM - System Checkpoint
RP1983: 1/11/2011 9:46:36 AM - System Checkpoint
RP1984: 1/12/2011 10:31:48 AM - System Checkpoint
RP1985: 1/12/2011 2:00:22 PM - Software Distribution Service 3.0
RP1986: 1/13/2011 2:26:25 PM - System Checkpoint
RP1987: 1/14/2011 3:26:25 PM - System Checkpoint
RP1988: 1/15/2011 4:10:11 PM - System Checkpoint
RP1989: 1/16/2011 4:46:14 PM - System Checkpoint
RP1990: 1/17/2011 7:16:04 PM - System Checkpoint
RP1991: 1/18/2011 8:03:40 PM - System Checkpoint
RP1992: 1/19/2011 8:44:16 PM - System Checkpoint
RP1993: 1/21/2011 8:00:04 AM - System Checkpoint
RP1994: 1/22/2011 9:24:11 AM - System Checkpoint
RP1995: 1/23/2011 10:02:44 AM - System Checkpoint
RP1996: 1/24/2011 10:13:48 AM - System Checkpoint
RP1997: 1/25/2011 10:27:22 AM - System Checkpoint
RP1998: 1/26/2011 11:48:22 AM - System Checkpoint
RP1999: 1/27/2011 12:09:24 PM - System Checkpoint
RP2000: 1/28/2011 1:25:16 PM - System Checkpoint
RP2001: 1/29/2011 1:52:34 PM - System Checkpoint
RP2002: 1/30/2011 2:27:21 PM - System Checkpoint
RP2003: 1/31/2011 2:31:56 PM - System Checkpoint
RP2004: 2/1/2011 3:08:52 PM - System Checkpoint
RP2005: 2/2/2011 4:03:41 PM - System Checkpoint
RP2006: 2/3/2011 4:15:10 PM - System Checkpoint
RP2007: 2/4/2011 4:34:13 PM - System Checkpoint
RP2008: 2/5/2011 8:14:40 PM - System Checkpoint
RP2009: 2/6/2011 8:18:25 PM - System Checkpoint
RP2010: 2/7/2011 9:05:55 PM - System Checkpoint
RP2011: 2/8/2011 9:16:16 PM - System Checkpoint
RP2012: 2/9/2011 9:12:08 AM - Software Distribution Service 3.0
RP2013: 2/10/2011 9:42:53 AM - System Checkpoint
RP2014: 2/11/2011 4:10:11 PM - System Checkpoint
RP2015: 2/12/2011 4:45:05 PM - System Checkpoint
RP2016: 2/13/2011 5:04:26 PM - System Checkpoint
RP2017: 2/14/2011 5:32:11 PM - System Checkpoint
RP2018: 2/15/2011 5:58:28 PM - System Checkpoint
RP2019: 2/16/2011 6:57:04 PM - System Checkpoint
RP2020: 2/17/2011 7:11:30 PM - System Checkpoint
RP2021: 2/18/2011 10:35:31 AM - Restore Operation

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.2.6
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
AXIS Media Control Embedded
Banctec Service Agreement
Core FTP Lite 1.3b
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell PC Fax
Dell Photo AIO Printer 926
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell System Restore
DellSupport
eMachineShop
ESRI ArcExplorer 2.0
EZ Calendar
Family Tree Maker
Family Tree Maker 2005
G5a922EN
GedHTree Version 2.70
Google Earth
Google Update Helper
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP PhotoSmart 210/215 Camera Software (by ArcSoft)
HP Precisionscan Pro 3.1
HP Share-to-Web
i-detect
i-detect 30-Day Trial
Indeo® software
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LandDesigner 3D
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MapCreate U.S.A 6.3
McAfee AntiVirus Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Express 7.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
My Way Search Assistant
Nikon Message Center
Nikon Transfer
Ortho® Home Gardener's Problem Solver
OziExplorer 3.95
Paint Shop Pro 7 ESD
PowerDVD 5.3
Quicken 2002 Deluxe
QuickTime
RCA Detective™ 3.0.0.101
RCA easyRip 2.4.2.0
RCA Updater 1.0.4.0
RealPlayer Basic
Savings Bond Wizard
Screensavers Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sierra 3D Deck
Sierra Garden Encyclopedia
Sierra Garden Planner
Sierra Interior Design Collection
Sierra Photo Garden Designer
Sierra Photo Home Interiors
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Supercow
TaxACT 2003
TaxACT 2004
TaxACT 2005
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT 2008 Minnesota
TaxACT 2009
TaxACT 2009 Minnesota
TaxACT 2010
TaxACT 2010 Minnesota
TaxACT Minnesota 2004
TaxACT Minnesota 2005
TaxACT Minnesota 2006
TaxACT Minnesota 2007
Uniden Cordless Telephone Customization Tool
Uniden USB to UART Bridge Controller
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
US Airways Caribbean Screen Saver
USB MMC-SD Reader
Viewpoint Media Player
Wave MP3 Editor - Evaluation
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
Works Suite OS Pack
Works Synchronization
Yahoo! Messenger
Yahoo! Music Jukebox

==== Event Viewer Messages From Past Week ========

2/18/2011 7:52:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
2/18/2011 7:52:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
2/18/2011 7:51:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/18/2011 7:45:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
2/18/2011 7:44:55 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/18/2011 7:28:56 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
2/18/2011 6:42:53 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
2/18/2011 6:42:53 PM, error: Service Control Manager [7034] - The dlcx_device service terminated unexpectedly. It has done this 1 time(s).
2/18/2011 6:42:53 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/18/2011 6:42:53 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/18/2011 6:42:53 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/18/2011 6:42:53 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/18/2011 6:42:53 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/18/2011 10:34:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2011 10:34:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2011 10:33:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/18/2011 10:28:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

==== End Of File ===========================
 
We have a rootkit there.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller update

Broni, I've just run TDSSKiller per your request, and the log follows.
I just did a few web searches, and so far, wonderful results.
THANKS!
Are there any particular sites, based on my logs, that I should not
be visiting in the future, or any tips on preventing future
malware, viruses, etc?
Thanks, BigSand

2011/02/19 12:37:40.0937 3008 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/19 12:37:42.0796 3008 ================================================================================
2011/02/19 12:37:42.0796 3008 SystemInfo:
2011/02/19 12:37:42.0796 3008
2011/02/19 12:37:42.0796 3008 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/19 12:37:42.0796 3008 Product type: Workstation
2011/02/19 12:37:42.0796 3008 ComputerName: DJRZ4761
2011/02/19 12:37:42.0796 3008 UserName: Tom
2011/02/19 12:37:42.0796 3008 Windows directory: C:\WINDOWS
2011/02/19 12:37:42.0796 3008 System windows directory: C:\WINDOWS
2011/02/19 12:37:42.0796 3008 Processor architecture: Intel x86
2011/02/19 12:37:42.0796 3008 Number of processors: 1
2011/02/19 12:37:42.0796 3008 Page size: 0x1000
2011/02/19 12:37:42.0796 3008 Boot type: Normal boot
2011/02/19 12:37:42.0796 3008 ================================================================================
2011/02/19 12:37:44.0296 3008 Initialize success
2011/02/19 12:37:56.0703 4044 ================================================================================
2011/02/19 12:37:56.0703 4044 Scan started
2011/02/19 12:37:56.0703 4044 Mode: Manual;
2011/02/19 12:37:56.0703 4044 ================================================================================
2011/02/19 12:38:31.0234 4044 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/19 12:38:31.0234 4044 ================================================================================
2011/02/19 12:38:31.0234 4044 Scan finished
2011/02/19 12:38:31.0234 4044 ================================================================================
2011/02/19 12:38:31.0250 2952 Detected object count: 1
2011/02/19 12:38:51.0343 2952 \HardDisk0 - will be cured after reboot
2011/02/19 12:38:51.0343 2952 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/19 12:39:04.0406 1208 Deinitialize success
 
Good news :)
We're not done yet, though.
We have to make sure your computer is totally clean.

Download MBRCheck to your desktop.

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Ran MBRCheck and ComboFix

Broni,
I just finished running MBRCheck and ComboFix.
The logs follow.
Am I virus free yet? Thanks for your help. You've
been a life saver!
BigSand

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 185):
0xF8907000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8A83000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7420000 \SystemRoot\system32\DRIVERS\update.sys
0xF79D8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF81EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7A89000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A93000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8A23000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF8283000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8AA7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C68000 \SystemRoot\System32\Drivers\Null.SYS
0xF8AA9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8877000 \SystemRoot\system32\drivers\ssrtln.sys
0xF8887000 \SystemRoot\System32\drivers\vga.sys
0xF8AAB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8AAD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF888F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8897000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF827B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEF0D4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEF07B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEF068000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xEF042000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEF01A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEEFF8000 \SystemRoot\System32\drivers\afd.sys
0xF86B7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEEFCD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEEF35000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF86C7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF86D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF88B7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF72E2000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF7418000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF72DE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7372000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7410000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF72DA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEF20A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEEA36000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A67000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF828F000 \SystemRoot\System32\drivers\Dxapi.sys
0xEF13F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B2D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xF7392000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8C3E000 \SystemRoot\system32\dla\tfsndres.sys
0xEE9A8000 \SystemRoot\system32\dla\tfsnifs.sys
0xEF16F000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8A6F000 \SystemRoot\system32\dla\tfsnpool.sys
0xEF12F000 \SystemRoot\system32\dla\tfsnboio.sys
0xEEADE000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C3F000 \SystemRoot\system32\dla\tfsndrct.sys
0xEE98F000 \SystemRoot\system32\dla\tfsnudf.sys
0xEE976000 \SystemRoot\system32\dla\tfsnudfa.sys
0xEE9E2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEE821000 \SystemRoot\system32\drivers\wdmaud.sys
0xEEA4E000 \SystemRoot\system32\drivers\sysaudio.sys
0xEE2B1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8ACF000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF8AD1000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xEE209000 \SystemRoot\system32\DRIVERS\srv.sys
0xEE312000 \SystemRoot\System32\Drivers\Stltrk2k.SYS
0xEDD1C000 \SystemRoot\System32\Drivers\HTTP.sys
0xEDFF9000 \SystemRoot\system32\drivers\cfwids.sys
0xF8A55000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xED5DF000 \SystemRoot\system32\drivers\mfeapfk.sys
0xED5B4000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
936 C:\WINDOWS\SYSTEM32\smss.exe
988 csrss.exe
1012 C:\WINDOWS\SYSTEM32\winlogon.exe
1056 C:\WINDOWS\SYSTEM32\services.exe
1068 C:\WINDOWS\SYSTEM32\lsass.exe
1248 C:\WINDOWS\SYSTEM32\svchost.exe
1336 svchost.exe
1456 C:\WINDOWS\SYSTEM32\svchost.exe
1512 svchost.exe
1608 svchost.exe
1968 C:\WINDOWS\explorer.exe
104 C:\WINDOWS\SYSTEM32\spoolsv.exe
432 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
476 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
496 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
512 C:\WINDOWS\SYSTEM32\hkcmd.exe
528 C:\WINDOWS\SYSTEM32\igfxpers.exe
536 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
544 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
552 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
580 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
668 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
696 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
812 C:\Program Files\McAfee.com\Agent\mcagent.exe
852 C:\Program Files\DellSupport\DSAgnt.exe
880 C:\WINDOWS\SYSTEM32\ctfmon.exe
928 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
976 C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
1404 svchost.exe
1576 C:\WINDOWS\SYSTEM32\dlcxcoms.exe
1720 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1820 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1896 C:\WINDOWS\SYSTEM32\svchost.exe
1936 C:\Program Files\Google\Update\GoogleUpdate.exe
1500 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2056 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3364 alg.exe
3312 wmiprvse.exe
3768 C:\WINDOWS\SYSTEM32\wscntfy.exe
3088 C:\Documents and Settings\Tom\Desktop\Virus Removal Tools\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 8.16

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!
==================
ComboFix 11-02-19.01 - Tom 02/19/2011 18:26:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.287 [GMT -6:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\inf\cc_43.inf
c:\windows\regsvr32.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-19 01:28 . 2011-02-19 01:28 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2011-02-19 01:28 . 2011-02-19 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-19 01:28 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 01:28 . 2011-02-19 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-19 01:28 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 16:37 . 2011-02-18 16:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-18 14:23 . 2011-02-18 14:23 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2011-02-18 04:05 . 2011-02-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-02-18 04:05 . 2011-02-18 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\nLiAnDm15405
2011-02-18 03:08 . 2011-02-18 03:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 11:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 11:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2000-09-24 06:27 . 2000-09-24 06:27 33554896 -c--a-w- c:\program files\fo-psp7.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 23:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2010-02-25 14:02 581632 ----a-w- c:\documents and settings\Tom\My Documents\RCA easyRip\EZDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2000-07-19 14:00 176183 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-12-06 21:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-06-30 19:33 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 09:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [8/26/2010 10:49 AM 84072]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 10:48 AM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 10:48 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 10:48 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/26/2010 10:49 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/26/2010 10:49 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [8/26/2010 10:49 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [8/26/2010 10:49 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 10:49 AM 88544]
S2 0140671298049203mcinstcleanup;McAfee Application Installer Cleanup (0140671298049203);c:\windows\TEMP\014067~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\014067~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9930c59c2e53d;Google Update Service (gupdate1c9930c59c2e53d);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 9:35 PM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [2/18/2011 7:28 PM 38224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 10:49 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [8/26/2010 10:49 AM 84264]
S3 o1394bul;o1394bul;\??\c:\docume~1\Tom\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Tom\LOCALS~1\Temp\o1394bul.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-02-19 c:\windows\Tasks\User_Feed_Synchronization-{D970BD0A-0F5F-4CF1-84FA-3D05B05AC1F1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {563E7741-AF29-4C3D-9A67-22D07B8521F8} = 206.9.64.100
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Easy Dock - (no file)
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-Easy Dock - (no file)
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-19 18:49:44
ComboFix-quarantined-files.txt 2011-02-20 00:49

Pre-Run: 50,944,163,840 bytes free
Post-Run: 51,073,155,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EE6EEAA83F1165A8961B8AAD2A460324
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\docume~1\Tom\LOCALS~1\Temp\o1394bul.sys


Driver::
o1394bul

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Re-ran Combofix with script

Broni,
I re-ran the combofix with the script. The log follows.
Thanks, BigSand

ComboFix 11-02-19.02 - Tom 02/20/2011 9:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.259 [GMT -6:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\Tom\LOCALS~1\Temp\o1394bul.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_O1394BUL
-------\Service_o1394bul


((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-19 01:28 . 2011-02-19 01:28 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2011-02-19 01:28 . 2011-02-19 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-19 01:28 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 01:28 . 2011-02-19 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-19 01:28 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 16:37 . 2011-02-18 16:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-18 14:23 . 2011-02-18 14:23 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2011-02-18 04:05 . 2011-02-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-02-18 04:05 . 2011-02-18 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\nLiAnDm15405
2011-02-18 03:08 . 2011-02-18 03:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 11:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 11:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2000-09-24 06:27 . 2000-09-24 06:27 33554896 -c--a-w- c:\program files\fo-psp7.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 23:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2010-02-25 14:02 581632 ----a-w- c:\documents and settings\Tom\My Documents\RCA easyRip\EZDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2000-07-19 14:00 176183 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-12-06 21:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-06-30 19:33 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 09:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [8/26/2010 10:49 AM 84072]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [8/26/2010 10:49 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [8/26/2010 10:49 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 10:49 AM 88544]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [2/18/2011 7:28 PM 38224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 10:49 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [8/26/2010 10:49 AM 84264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{D970BD0A-0F5F-4CF1-84FA-3D05B05AC1F1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {563E7741-AF29-4C3D-9A67-22D07B8521F8} = 206.9.64.100
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 09:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\dlcxcoms.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
.
**************************************************************************
.
Completion time: 2011-02-20 09:52:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-20 15:52
ComboFix2.txt 2011-02-20 00:49

Pre-Run: 51,050,090,496 bytes free
Post-Run: 50,974,015,488 bytes free

- - End Of File - - FC0AAACDCE50DECBDCA97BBEF52A53AF
 
Well done :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Ran OTL scan

Brodi, following is the OTL.txt log part 1
(file too large to post in its entirety).
Thank you, BigSand

OTL logfile created on: 2/20/2011 12:40:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 273.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.69 Gb Total Space | 47.44 Gb Free Space | 66.18% Space Free | Partition Type: NTFS

Computer Name: DJRZ4761 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/20 12:35:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 18:13:10 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/12 10:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 16:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/10/11 15:48:50 | 000,532,480 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\dlcxcoms.exe
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2011/02/20 12:35:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0140671298049203mcinstcleanup) McAfee Application Installer Cleanup (0140671298049203)
SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/11 15:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/12/06 15:46:10 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/11/20 14:32:06 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slabser.sys -- (slabser)
DRV - [2004/11/20 14:32:06 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slabbus.sys -- (slabbus) Uniden USB Composite Device driver (WDM)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/04/26 09:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/12/13 02:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/01/24 10:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\STLTRK2K.sys -- (Stltrk2k)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/19 13:35:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/20 09:35:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103132358.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/15 19:20:58 | 000,000,000 | ---D | M] - C:\Automotive Painting -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/20 12:35:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2011/02/20 09:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/20 09:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/02/19 18:23:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/19 18:17:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/19 18:17:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/19 18:17:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/19 18:17:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/19 18:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/19 18:16:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/19 09:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\AC Heating
[2011/02/18 19:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/02/18 19:28:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/18 19:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/18 19:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/18 19:28:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/18 19:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/18 19:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Virus Removal Tools
[2011/02/17 22:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/02/17 22:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nLiAnDm15405
[2011/02/17 21:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/17 21:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/02/05 21:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\TaxACT 2010
[2009/12/01 10:16:37 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2009/12/01 10:16:36 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2009/12/01 10:16:36 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2009/12/01 10:16:35 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2009/12/01 10:16:34 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2009/12/01 10:16:34 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2009/12/01 10:16:34 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2009/12/01 10:16:33 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2009/12/01 10:16:33 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2009/12/01 10:16:31 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2009/12/01 10:16:28 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2009/12/01 10:16:28 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2000/09/24 00:27:18 | 033,554,896 | ---- | C] (Installshield Software Corporation) -- C:\Program Files\fo-psp7.exe

========== Files - Modified Within 30 Days ==========

[2011/02/20 12:35:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2011/02/20 11:09:53 | 000,214,960 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Type M copper pipe.mht
[2011/02/20 10:29:14 | 011,461,409 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\C'aire VC410822-95V2 Specs.mht
[2011/02/20 09:36:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/02/20 09:35:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/02/20 09:35:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/02/20 09:35:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 09:12:06 | 004,271,240 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2011/02/19 20:47:12 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D970BD0A-0F5F-4CF1-84FA-3D05B05AC1F1}.job
[2011/02/19 19:35:46 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/19 19:28:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/02/19 18:23:13 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/02/19 17:14:04 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Internet searches redirect to unwanted pages - TechSpot#post1007290.url
[2011/02/19 11:56:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/19 09:05:10 | 003,499,214 | R--- | M] () -- C:\My Money Backup.mbf
[2011/02/19 09:05:10 | 003,497,984 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\My Money.mny
[2011/02/18 08:00:16 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 08:25:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/02/09 18:35:24 | 000,004,908 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Jeep Bill.rtf
[2011/02/09 12:26:05 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 09:20:57 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 08:44:56 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT10.ini
[2011/02/08 19:38:31 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/02/07 14:15:52 | 000,000,931 | ---- | M] () -- C:\WINDOWS\System32\msxkwn.vxp
[2011/02/05 21:29:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TaxACT 2010.lnk
[2011/02/05 17:40:19 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT09.ini

========== Files Created - No Company Name ==========

[2011/02/20 11:09:51 | 000,214,960 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Type M copper pipe.mht
[2011/02/20 10:28:57 | 011,461,409 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\C'aire VC410822-95V2 Specs.mht
[2011/02/19 18:23:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/19 18:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/19 18:17:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/19 18:17:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/19 18:17:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/19 18:17:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/19 18:17:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/19 18:00:42 | 004,271,240 | R--- | C] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2011/02/19 17:14:04 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Internet searches redirect to unwanted pages - TechSpot#post1007290.url
[2011/02/18 10:39:43 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/18 08:27:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/18 08:00:16 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 08:25:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/02/09 14:42:56 | 000,004,908 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Jeep Bill.rtf
[2011/02/05 21:29:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TaxACT 2010.lnk
[2011/02/05 21:29:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/01/29 18:41:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/12/01 10:35:24 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/12/01 10:35:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\41EAAFFA1C.sys
[2009/12/01 10:26:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2009/12/01 10:26:28 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2009/12/01 10:18:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2009/12/01 10:18:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2009/12/01 10:16:37 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2009/12/01 10:16:35 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2009/12/01 10:16:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2009/12/01 10:16:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2009/12/01 10:16:32 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2009/12/01 10:16:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2009/12/01 10:16:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2009/12/01 10:16:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2009/12/01 10:16:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2009/12/01 10:16:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2009/01/30 15:10:01 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/04/16 16:43:56 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI
[2008/01/23 21:15:55 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/23 19:50:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tom\Application Data\Sounds
[2007/12/23 19:50:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2007/01/21 19:55:08 | 000,000,141 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/12/23 09:08:39 | 000,000,087 | ---- | C] () -- C:\WINDOWS\Santas Workshop.ini
[2006/11/09 15:14:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLGFILE14N.INI
[2006/09/22 05:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/09/06 04:13:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2006/08/25 19:21:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/03/19 18:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2006/02/15 20:17:35 | 000,000,073 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2006/02/15 20:16:21 | 000,000,091 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/02/15 20:13:12 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/02/15 20:13:12 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/02/12 11:34:57 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2005/08/15 15:38:07 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/04/25 08:02:50 | 000,006,093 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2005/04/25 07:51:20 | 000,000,021 | ---- | C] () -- C:\WINDOWS\arcsuite.ini
[2005/03/26 06:55:37 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/31 19:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2005/01/31 19:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2005/01/31 18:57:35 | 000,001,081 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/01/31 18:57:35 | 000,000,749 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/01/28 09:59:38 | 000,000,127 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2005/01/15 19:25:33 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2005/01/14 14:32:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/11 19:33:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/12/31 19:39:51 | 000,000,213 | ---- | C] () -- C:\WINDOWS\btw.ini
[2004/12/31 19:39:50 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\MVCL13N.DLL
[2004/12/31 19:36:45 | 000,000,057 | ---- | C] () -- C:\WINDOWS\VDECK.INI
[2004/12/31 19:31:18 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/12/31 19:29:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\viewer.ini
[2004/12/31 19:29:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2004/12/31 19:29:02 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\LANDDLL2.DLL
[2004/12/31 19:28:55 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/12/31 19:28:40 | 000,000,806 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/12/30 09:52:53 | 000,002,805 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/29 15:30:23 | 000,000,225 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/29 15:11:48 | 000,014,544 | ---- | C] () -- C:\WINDOWS\HORSES.DLL
[2004/12/13 09:13:54 | 000,000,291 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2004/12/11 17:11:09 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/12/11 09:20:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/09 13:24:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\PFP120JPR.{PB
[2004/12/09 13:24:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\PFP120JCM.{PB
[2004/12/09 12:49:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/06 15:48:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/06 15:42:03 | 000,000,478 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/06 15:12:08 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/04/20 11:08:08 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2001/08/13 19:09:48 | 000,659,520 | ---- | C] () -- C:\WINDOWS\System32\vbid3lib.dll
[2000/09/24 12:08:16 | 000,004,750 | ---- | C] () -- C:\Program Files\fosi.nfo
[2000/09/24 12:03:52 | 000,000,388 | ---- | C] () -- C:\Program Files\file_id.diz
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
 
OTL.txt part 2

========== LOP Check ==========

[2007/12/23 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/02/10 16:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2007/12/23 19:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/02/18 10:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nLiAnDm15405
[2004/12/27 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2007/12/23 19:50:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\Specifications
[2007/12/14 17:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/17 22:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2007/12/23 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2004/12/06 15:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/23 21:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2007/11/29 15:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2005/01/15 10:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\CoreFTP
[2010/01/04 22:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\eMachineShop
[2005/01/19 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FTW
[2004/12/09 21:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Leadertech
[2007/01/09 15:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Musicmatch
[2008/02/03 16:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Nikon
[2010/01/04 22:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\PGP
[2008/01/07 22:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Super-Cow
[2010/11/10 18:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Template
[2007/01/28 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Viewpoint
[2011/02/19 20:47:12 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D970BD0A-0F5F-4CF1-84FA-3D05B05AC1F1}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/02/05 18:42:30 | 002,307,114 | ---- | M] () -- C:\00.bmp
[2006/02/15 20:20:41 | 000,009,657 | ---- | M] () -- C:\005.jpg
[2005/02/21 08:30:39 | 000,133,480 | ---- | M] () -- C:\30yrreunion.rtf
[2005/04/19 17:15:35 | 000,039,424 | ---- | M] () -- C:\30yrreunion4-15.xls
[2006/05/02 10:10:00 | 000,008,011 | ---- | M] () -- C:\5352T-16.aux
[2006/04/20 00:54:00 | 000,000,126 | ---- | M] () -- C:\5352T-16.sdw
[2008/11/16 08:42:44 | 009,048,792 | ---- | M] () -- C:\5352T-16.sid
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 06:36:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/02/19 18:23:13 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/02/20 09:52:34 | 000,014,659 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/04 07:01:05 | 000,000,087 | ---- | M] () -- C:\data.txt
[2004/12/06 15:16:02 | 000,004,517 | RH-- | M] () -- C:\DELL.SDR
[2009/12/01 09:54:15 | 000,000,360 | ---- | M] () -- C:\dlbt.log
[2011/02/19 15:29:23 | 000,022,325 | ---- | M] () -- C:\dlcx.log
[2010/12/13 21:40:46 | 000,003,455 | ---- | M] () -- C:\Early Nelson P1.jpg
[2007/05/06 12:28:28 | 000,034,816 | ---- | M] () -- C:\Goodbye.doc
[2011/02/20 09:35:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/10 13:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/12/06 15:46:48 | 000,000,746 | -H-- | M] () -- C:\IPH.PH
[2009/08/17 18:13:16 | 000,001,096 | ---- | M] () -- C:\Live Updater_log.txt
[2010/09/06 20:22:39 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2007/05/31 07:15:59 | 000,028,160 | ---- | M] () -- C:\Moving Expenses.doc
[2007/11/27 09:29:15 | 000,000,168 | ---- | M] () -- C:\mpecu.txt
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2011/02/19 09:05:10 | 003,499,214 | R--- | M] () -- C:\My Money Backup.mbf
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/27 12:31:59 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/02/20 09:35:05 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/02/13 14:27:32 | 001,462,000 | ---- | M] () -- C:\sbwsetup.exe
[2008/01/07 22:21:35 | 030,113,792 | ---- | M] () -- C:\SupercowSetup.exe
[2004/12/06 15:47:02 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/02/19 12:39:04 | 000,054,156 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_19.02.2011_12.37.40_log.txt
[2010/09/19 16:35:14 | 000,065,100 | ---- | M] () -- C:\teel1.jpg
[2008/05/14 06:56:01 | 000,000,146 | ---- | M] () -- C:\YServer.txt
[2007/01/16 15:39:24 | 000,056,624 | -H-- | M] () -- C:\ZbThumbnail.info

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/19 23:33:26 | 000,117,760 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\dlcxdrpp.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2005/08/13 12:06:29 | 000,031,540 | ---- | M] () -- C:\WINDOWS\2005 Hrvt fest.JPG
[2005/03/19 20:06:10 | 000,016,782 | ---- | M] () -- C:\WINDOWS\bobcat.JPG
[2006/10/07 20:46:42 | 000,050,359 | ---- | M] () -- C:\WINDOWS\dog.jpg
[2006/11/03 09:03:43 | 000,030,868 | ---- | M] () -- C:\WINDOWS\dog11.jpg
[2005/11/19 23:37:11 | 000,026,398 | ---- | M] () -- C:\WINDOWS\jessie.JPG
[2005/11/19 23:38:32 | 000,028,001 | ---- | M] () -- C:\WINDOWS\jessie1.JPG
[2009/05/17 05:39:32 | 000,159,705 | ---- | M] () -- C:\WINDOWS\pond stream.jpg
[2006/12/15 10:46:41 | 000,370,946 | ---- | M] () -- C:\WINDOWS\RedneckTimeOut.jpg
[2008/02/09 13:26:40 | 000,019,406 | ---- | M] () -- C:\WINDOWS\Remer 1950's.JPG
[2007/03/21 05:47:56 | 000,049,765 | ---- | M] () -- C:\WINDOWS\Remer Motel.JPG
[2005/09/03 18:18:13 | 000,067,943 | ---- | M] () -- C:\WINDOWS\steam tractor.JPG
[2005/09/03 18:18:50 | 000,067,963 | ---- | M] () -- C:\WINDOWS\steam tractor1.JPG
[2006/05/06 18:59:38 | 000,029,123 | ---- | M] () -- C:\WINDOWS\vicki.JPG
[2006/09/06 16:13:39 | 000,051,128 | ---- | M] () -- C:\WINDOWS\vickis boyfriend.JPG

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/12/13 09:13:52 | 000,466,944 | ---- | M] () -- C:\WINDOWS\Christmas Dreams.scr
[2004/12/27 17:25:38 | 000,249,856 | ---- | M] ( ) -- C:\WINDOWS\US Airways Caribbean.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2000/09/24 12:03:52 | 000,000,388 | ---- | M] () -- C:\Program Files\file_id.diz
[2000/09/24 00:27:18 | 033,554,896 | ---- | M] (Installshield Software Corporation) -- C:\Program Files\fo-psp7.exe
[2000/09/24 12:08:16 | 000,004,750 | ---- | M] () -- C:\Program Files\fosi.nfo

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/27 12:39:45 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/12/09 12:37:03 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/02/20 09:12:06 | 004,271,240 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2011/02/20 12:35:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/12/09 12:37:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Tom\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/02/27 09:02:31 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Tom\Cookies\desktop.ini
[2011/02/20 12:30:30 | 000,868,352 | ---- | M] () -- C:\Documents and Settings\Tom\Cookies\INDEX.DAT

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\LOGOWIN.GIF
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\LVBACK.GIF
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\NEWALERT.WAV
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\NEWEMAIL.WAV
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\ONLINE.WAV
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\TYPE.WAV
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\XPMSGR.CHM

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1996/08/27 02:12:00 | 000,004,176 | R--- | M] (Apple Computer, Inc.) -- C:\WINDOWS\SYSTEM\QTNOTIFY.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\5352T-16.sid:SummaryInformation

< End of report >
 
OTL Extras.txt

OTL Extras logfile created on: 2/20/2011 12:40:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 273.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.69 Gb Total Space | 47.44 Gb Free Space | 66.18% Space Free | Partition Type: NTFS

Computer Name: DJRZ4761 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe" = C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album 5 Application -- (Jasc Software)
"C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE" = C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App -- (Core FTP)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\WINDOWS\SYSTEM32\dlcxcoms.exe" = C:\WINDOWS\SYSTEM32\dlcxcoms.exe:*:Enabled:Dell 926 Server -- ( )
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1344A4F3-6362-4059-B4F6-E01EABD04B75}" = Wave MP3 Editor - Evaluation
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AD3ED1-6708-4850-A809-9AA8C35BC36C}" = LandDesigner 3D
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3E77D20-647C-40E2-B69B-C120D4D58190}" = G5a922EN
"{A53AB16A-8DC1-11D6-B494-008048C29C40}" = USB MMC-SD Reader
"{A850DE1D-279E-420C-8AA0-CDA32ABBBC43}" = Uniden Cordless Telephone Customization Tool
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EFBF0C90-1254-4951-A957-CB452371187E}" = MapCreate U.S.A 6.3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"3D Deck" = Sierra 3D Deck
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcExplorer 2.0" = ESRI ArcExplorer 2.0
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Core FTP Lite 1.3b" = Core FTP Lite 1.3b
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"eMachineShop_is1" = eMachineShop
"EZ Calendar" = EZ Calendar
"FTW" = Family Tree Maker
"Garden Encyclopedia" = Sierra Garden Encyclopedia
"Garden Planner" = Sierra Garden Planner
"GedHTree Version 2.70" = GedHTree Version 2.70
"HP PhotoSmart 210/215 Camera Software" = HP PhotoSmart 210/215 Camera Software (by ArcSoft)
"i-detect" = i-detect
"i-detect 30-Day Trial" = i-detect 30-Day Trial
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ortho® Home Gardener's Problem Solver" = Ortho® Home Gardener's Problem Solver
"OziExplorer 3.95_is1" = OziExplorer 3.95
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Quicken 2002 Deluxe" = Quicken 2002 Deluxe
"RCA Detective™_is1" = RCA Detective™ 3.0.0.101
"RCA easyRip_is1" = RCA easyRip 2.4.2.0
"RCA Updater_is1" = RCA Updater 1.0.4.0
"RealPlayer 6.0" = RealPlayer Basic
"Savings Bond Wizard" = Savings Bond Wizard
"Sierra Interior Design Collection" = Sierra Interior Design Collection
"Sierra Photo Garden Designer" = Sierra Photo Garden Designer
"Sierra Photo Home Interiors" = Sierra Photo Home Interiors
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Supercow_is1" = Supercow
"TaxACT 2003" = TaxACT 2003
"TaxACT 2004" = TaxACT 2004
"TaxACT 2005" = TaxACT 2005
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Minnesota" = TaxACT 2008 Minnesota
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Minnesota" = TaxACT 2009 Minnesota
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Minnesota" = TaxACT 2010 Minnesota
"TaxACT Minnesota 2004" = TaxACT Minnesota 2004
"TaxACT Minnesota 2005" = TaxACT Minnesota 2005
"TaxACT Minnesota 2006" = TaxACT Minnesota 2006
"TaxACT Minnesota 2007" = TaxACT Minnesota 2007
"UAC1COMM&10C4&805A" = Uniden USB to UART Bridge Controller
"US Airways Caribbean" = US Airways Caribbean Screen Saver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2881188650-3112352510-1338976571-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2011 8:12:40 PM | Computer Name = DJRZ4761 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2011 8:13:10 PM | Computer Name = DJRZ4761 | Source = Application Hang | ID = 1001
Description = Fault bucket 1293692381.

Error - 2/13/2011 10:23:26 AM | Computer Name = DJRZ4761 | Source = Application Error | ID = 1000
Description = Faulting application dlcxaiox.exe, version 4.22.0.8, faulting module
dlcxdrs.dll, version 0.1.25.0, fault address 0x0003a3b4.

Error - 2/13/2011 10:23:35 AM | Computer Name = DJRZ4761 | Source = Application Error | ID = 1001
Description = Fault bucket 492024363.

Error - 2/13/2011 10:55:11 AM | Computer Name = DJRZ4761 | Source = Application Hang | ID = 1002
Description = Hanging application dlcxaiox.exe, version 4.22.0.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/17/2011 11:59:02 PM | Computer Name = DJRZ4761 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x7c922235.

Error - 2/17/2011 11:59:37 PM | Computer Name = DJRZ4761 | Source = Application Error | ID = 1001
Description = Fault bucket 2064199148.

Error - 2/18/2011 12:40:16 PM | Computer Name = DJRZ4761 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 2/19/2011 8:15:59 PM | Computer Name = DJRZ4761 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module , version
0.0.0.0, fault address 0x0008d560.

Error - 2/20/2011 11:10:28 AM | Computer Name = DJRZ4761 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d560.

[ System Events ]
Error - 2/18/2011 10:18:50 PM | Computer Name = DJRZ4761 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2011 10:18:50 PM | Computer Name = DJRZ4761 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2011 10:18:50 PM | Computer Name = DJRZ4761 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2011 10:18:50 PM | Computer Name = DJRZ4761 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2011 10:18:50 PM | Computer Name = DJRZ4761 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2011 10:18:50 PM | Computer Name = DJRZ4761 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/18/2011 10:18:51 PM | Computer Name = DJRZ4761 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/19/2011 2:31:16 PM | Computer Name = DJRZ4761 | Source = DCOM | ID = 10010
Description = The server {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2} did not register
with DCOM within the required timeout.

Error - 2/20/2011 11:41:36 AM | Computer Name = DJRZ4761 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 2/20/2011 11:42:59 AM | Computer Name = DJRZ4761 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-2881188650-3112352510-1338976571-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2009/12/01 10:35:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\41EAAFFA1C.sys
    [2004/12/06 15:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/01/28 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Viewpoint
    @Alternate Data Stream - 88 bytes -> C:\5352T-16.sid:SummaryInformation
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Installed Java, removed Old Java, ran OTL

Brodi,
I installed the new version of Java, and ran the Java removal tool. It had an error the first time while it was running, and had to close. I re-ran it without any error messages.
I then ran OTL again, and that log follows.
I will next try security check.
Thanks, BigSand

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089}
C:\WINDOWS\Downloaded Program Files\ieawsdc.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\SYSTEM32\41EAAFFA1C.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Tom\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Tom\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Tom\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Tom\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Tom\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\Tom\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\Tom\Application Data\Viewpoint folder moved successfully.
ADS C:\5352T-16.sid:SummaryInformation deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 2995 bytes

User: Tom
->Temp folder emptied: 9374419 bytes
->Temporary Internet Files folder emptied: 19593426 bytes
->Java cache emptied: 2223668 bytes
->Flash cache emptied: 2900 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 30.00 mb


[EMPTYFLASH]

User: All Users

User: Application Data

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Tom
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02202011_184329

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
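
The `:Reg` part of the fix and its confirmation in the result log, reproduced as an added example (not part of the original posts and not OTL's own code): it parses the Security Center section of an OTL Extras report, lists the Monitoring keys that carry "DisableMonitoring" = 1, builds the matching `:Reg` lines, and checks the fix log for each deletion. The function names and the trimmed sample inputs are constructed for illustration.

```python
import re

# Constructed sample: Security Center lines from the Extras report, trimmed.
EXTRAS_SECTION = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
'''

# Constructed sample: the REGISTRY part of the fix result log.
FIX_LOG = r'''
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
'''

KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')          # [HKEY_...] header line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name" = value line
DELETED_RE = re.compile(
    r'^Registry value (.+?)\\\\DisableMonitoring deleted successfully\.$')
MONITORING = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring' + '\\'


def parse_registry_section(text):
    """Return {key_path: {value_name: value_text}} for the report text."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = keys.setdefault(header.group(1), {})
            continue
        if line.startswith('====='):
            current = None  # a new report section starts, drop the open key
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1)] = value.group(2).strip()
    return keys


def disabled_monitoring(keys):
    """Monitoring sub-keys whose DisableMonitoring value is set to 1."""
    prefix = MONITORING.lower()  # registry paths are case-insensitive
    return sorted(
        path for path, values in keys.items()
        if path.lower().startswith(prefix)
        and values.get('DisableMonitoring') == '1')


def build_reg_fix(key_paths):
    """Render the :Reg lines in the form used by the fix script above."""
    lines = [':Reg']
    for path in key_paths:
        lines.append('[%s]' % path)
        lines.append('"DisableMonitoring" =-')
    return '\n'.join(lines)


def unconfirmed(key_paths, fix_log):
    """Keys for which the fix log does not report a successful deletion."""
    confirmed = set()
    for raw in fix_log.splitlines():
        match = DELETED_RE.match(raw.strip())
        if match:
            confirmed.add(match.group(1).lower())
    return [path for path in key_paths if path.lower() not in confirmed]


if __name__ == '__main__':
    flagged = disabled_monitoring(parse_registry_section(EXTRAS_SECTION))
    print(build_reg_fix(flagged))
    print('Not confirmed in fix log:', unconfirmed(flagged, FIX_LOG))
```
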
 
Ran Security Check

Brodi, here are the results of Security Check.
Thanks, BigSand

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee AntiVirus Plus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.2.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Hmmm...I still see a number of old Java versions installed.
Go to Add\Remove and uninstall:

Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06


============================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

==================================================================

...and Eset....
 
ESETScan log

Brodi,
Following is the ESETScan log.
It found one virus. Please advise me
on its removal.
Thanks, BigSand

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2021\A0192233.exe a variant of Win32/Kryptik.KUO trojan
 
That particular item is in one of your restore points, which we are about to reset.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
JAVA removal

Broni,
I removed the old versions that you listed, with the exception of
the last two, which would not uninstall.
Please advise on how to uninstall these two.

Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06


I will study up on the Adobe program you mention.
Also, I intend to donate to your cause when we're
done.
Thanks, BigSand
 
You can try to re-run JavaRa one more time.
If that won't help, leave them alone.
Most likely just dead registry entries.
Nothing to worry about.
 
Thanks for all your help Broni

Broni,
Going to bed..... had enough for one day, lol.
You sure know your stuff!
My computer seems to be working great now.....
faster, and no problems with my searches getting
redirected!!!

I will download the other "preventive" measures
you mention on the thread tomorrow, and figure
out what I want to do with Adobe.

Will I have access to the thread for a while yet?

I've made a donation to your cause via PayPal.
Thanks!!
BigSand
 
RE: Issue Resolved

Yes, thanks! Things are working pretty well now. Scans yesterday found no issues. The only issue is when I'm in Yahoo, select a link, then hit my browser's
back arrow....... sometimes it tries to go to something called "Blue Lithium" ads,
but the page does not load. Research shows that Blue Lithium is owned by Yahoo, but I was not able to cure the problem.
 