Inactive McAfee real time scan will not stay on


waltd15

McAfee Internet Security Suite real-time scanner will not remain active; it disables within seconds after I select "turn on". I ran McAfee virtual tech, worked with McAfee online tech, removed/updated SW, and switched to automatic start under services.msc, and the problem returns. I removed adware/spyware/malware using Malwarebytes/SUPERAntiSpyware/McAfee/Advanced SystemCare 4/CCleaner. The computer appears to reboot randomly on its own, and I cleaned the dust to minimize overheating.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Broni, thank you for responding. The four logs follow.

******************Malwarebytes Anti-Malware log********************
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6579

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/16/2011 11:41:28 AM
mbam-log-2011-05-16 (11-41-28).txt

Scan type: Quick scan
Objects scanned: 149624
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**********************GMER log*************************
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-16 12:24:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 WDC_WD2500AAKS-00SBA0 rev.12.01B01
Running: ggsp3301.exe; Driver: C:\DOCUME~1\WD\LOCALS~1\Temp\pwxdrfog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7456D70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7456D84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7456DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7456E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7456D5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7456D34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7456D48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7456D9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7456DDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7456DC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7456E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7456DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----



******************DDS logs***************:
****DDS.txt****
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by WD at 12:29:44.70 on Mon 05/16/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.380 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\AOL\1180737898\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
c:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Documents and Settings\WD\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uURLSearchHooks: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\best_security_tips\tbBes1.dll
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} -
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514082840.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - Ask Search Assistant BHO
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\best_security_tips\tbBes1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - Ask Toolbar BHO
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\best_security_tips\tbBes1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\wd\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HostManager] c:\program files\common files\aol\1180737898\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [KB2492386] rundll32.exe apphelp.dll,ShimFlushCache
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activclient agent.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ADOBEA~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: navy.mil\webmail.west.nmci
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\ddccc
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-31 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-15 352656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-31 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-31 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-31 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-31 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-31 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-31 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-31 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-31 88736]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-10-17 56448]
S2 0319361305510205mcinstcleanup;McAfee Application Installer Cleanup (0319361305510205);c:\windows\temp\0319361305510205mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\0319361305510205mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1cac859c20c6b1e;Google Update Service (gupdate1cac859c20c6b1e);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10741.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-31 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-31 84488]
.
=============== Created Last 30 ================
.
2011-05-15 19:14:12 -------- d-----w- c:\windows\system32\winrm
2011-05-15 19:14:11 -------- d-----w- c:\windows\system32\GroupPolicy
2011-05-15 19:14:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-05-15 19:13:49 -------- d-----w- C:\6a54e3f4187a462bf31491
2011-05-15 18:35:01 -------- d-----w- c:\docume~1\wd\applic~1\IObit
2011-05-15 18:33:06 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
2011-05-15 10:00:26 -------- d-----w- C:\eb76c42999948a7165180c8c
2011-05-14 20:51:23 -------- d-----w- c:\docume~1\wd\applic~1\Malwarebytes
2011-05-14 20:51:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-14 20:51:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-14 20:51:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-14 20:51:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-14 20:47:02 -------- d-----w- c:\program files\YouTube Downloader
2011-05-14 20:46:32 4700823 ----a-w- c:\program files\YouTubeDownloaderSetup272.exe
2011-05-14 20:42:35 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
2011-05-14 20:24:59 -------- d-----w- C:\7e67a608736e539e308dff8ee164c3
2011-05-14 15:29:27 -------- d-----w- c:\program files\SiteAdvisor
2011-05-13 10:00:52 -------- d-----w- C:\c3e06d72f5b5c351cbdc97cb
2011-05-12 02:19:25 3063136 ----a-w- c:\program files\ccsetup306.exe
2011-05-11 17:36:52 -------- d-----w- c:\docume~1\wd\applic~1\Azureus
2011-05-11 17:36:07 -------- d-----w- c:\program files\Vuze
2011-05-11 17:36:00 -------- d-----w- c:\docume~1\wd\locals~1\applic~1\Vuze_Remote
2011-05-11 17:35:48 -------- d-----w- c:\program files\ConduitEngine
2011-05-11 17:35:48 -------- d-----w- c:\docume~1\wd\locals~1\applic~1\ConduitEngine
2011-05-11 17:35:46 -------- d-----w- c:\program files\Vuze_Remote
2011-05-11 17:27:21 8902072 ----a-w- c:\program files\Vuze_Installer.exe
.
==================== Find3M ====================
.
2011-04-14 12:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 09:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-05 16:57:42 231224 ----a-w- c:\program files\RapportSetup.exe
2011-03-31 23:00:50 458096 ----a-w- c:\program files\MVTInstaller.exe
2011-03-28 18:59:50 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2011-03-28 18:57:19 25685128 ----a-w- c:\program files\wordview_en-us.exe
2011-03-27 17:14:38 103 ----a-w- c:\program files\oas-disabled-fix.cmd
2011-03-23 18:38:40 478512 ----a-w- c:\program files\vlcmediaplayer-setup.exe
2011-03-21 02:07:24 6449984 ----a-w- c:\program files\HitmanPro35.exe
2011-03-19 20:40:37 10904766 ----a-w- c:\program files\dvdnextcopy_ultimate_setup.exe
2011-03-13 18:45:14 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\SET1F2.tmp
2011-03-09 21:54:59 2195440 ----a-w- c:\program files\aol_toolbar.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-21 23:21:30 4622344 ----a-w- c:\program files\avg_avct_stb_all_2011_1191_cnet.exe
2011-01-21 23:09:02 4622344 ----a-w- c:\program files\avg_free_stb_all_2011_1191_cnet.exe
2011-01-21 23:07:54 58833152 ----a-w- c:\program files\setup_av_free.exe
2010-04-11 02:31:59 1180952 ----a-w- c:\program files\DivXInstaller.exe
2010-04-10 19:33:19 13856752 ----a-w- c:\program files\DVDFab7030.exe
2010-03-24 02:01:23 24023528 ----a-w- c:\program files\WordPerfectLightningInstaller.exe
2010-03-24 01:52:51 360710968 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
2010-03-22 00:40:00 35001856 ----a-w- c:\program files\eav_nt32_enu.msi
2010-02-24 20:54:22 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-02-12 01:16:55 209784 ----a-w- c:\program files\AOLDNLD.exe
2010-02-02 03:04:04 8246504 ----a-w- c:\program files\Babylon8_setup.exe
2009-11-26 03:18:08 13249536 ----a-w- c:\program files\DVDFab6205.exe
2009-11-07 23:51:33 10307238 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
2009-09-21 22:09:09 4855296 ----a-w- c:\program files\epson10245.exe
2009-08-14 00:17:56 1045536 ----a-w- c:\program files\DriverDetective.exe
2009-08-13 23:56:26 8319598 ----a-w- c:\program files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
2009-08-13 23:11:08 113328018 ----a-w- c:\program files\sdat5707.exe
2009-08-11 16:17:10 18863384 ----a-w- c:\program files\LimeWireWin.exe
2009-04-19 20:29:31 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2009-04-17 15:26:54 387983200 ----a-w- c:\program files\ZunePackage31.exe
2009-04-17 14:52:02 137572496 ----a-w- c:\program files\zunesetuppkg-x86.exe
2009-04-07 23:49:44 2051072 ----a-w- c:\program files\i550xp190usz.exe
2009-03-28 14:26:05 9708961 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
2009-03-28 12:42:19 113136 ----a-w- c:\program files\Machinist2.setup.exe
2009-03-01 23:06:13 1948608 ----a-w- c:\program files\R150860.EXE
2009-02-06 01:08:02 8004480 ----a-w- c:\program files\DVDFab5232.exe
2009-01-10 05:31:55 8002152 ----a-w- c:\program files\DVDFab5230.exe
2008-11-30 07:46:55 6126416 ----a-w- c:\program files\seatoolsforwindowssetup.exe
2008-11-30 07:45:56 3997231 ----a-w- c:\program files\FreeAgentCN.exe
2008-11-26 21:47:25 1971378 ----a-w- c:\program files\SetupImgBurn_2.4.2.0.exe
2008-11-19 18:40:06 568576 ----a-w- c:\program files\DVD43_4-4-0_Setup.exe
2008-11-10 19:23:40 149120 ----a-w- c:\program files\startzune.exe
2008-10-05 18:49:55 1851944 ----a-w- c:\program files\vso_inspector_setup.exe
2008-10-01 03:41:33 3229288 ----a-w- c:\program files\DBsignWebSigner.exe
2008-08-23 15:58:52 6543440 ----a-w- c:\program files\AWCSetup.exe
2008-08-23 03:22:40 7507296 ----a-w- c:\program files\rminstall.exe
2008-06-29 01:51:52 636192 ----a-w- c:\program files\DMSetup-Serial.exe
2008-06-06 04:15:52 667688 ----a-w- c:\program files\WindowsXP-KB941644-x86-ENU.exe
2008-05-29 02:31:40 7056016 ----a-w- c:\program files\DVDFab5025.exe
2008-04-30 02:53:56 2403400 ----a-w- c:\program files\SetupAnyDVD6412.exe
2008-03-29 19:56:56 6678400 ----a-w- c:\program files\DVDFabPlatinum4120.exe
1998-12-09 03:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 03:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 03:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 03:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 03:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 03:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 12:30:45.60 ===============


***Attach.txt***

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/18/2007 8:12:18 AM
System Uptime: 5/15/2011 1:42:52 PM (23 hours ago)
.
Motherboard: Intel Corporation | | D945GCCR
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | | 3192/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 0.424 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP565: 5/16/2011 3:03:43 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
ActivClient CAC 6.1 x86
Adobe Acrobat 4.0
Adobe Acrobat 7.0 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PhotoDeluxe Home Edition 4.0
Adobe Photoshop CS
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced SystemCare 4
Advanced WindowsCare Personal
AOL Registration
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Ask Toolbar
Best Security Tips Toolbar
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon i550
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Critical Update for Windows Media Player 11 (KB959772)
DBsign Web Signer
Dell Driver Download Manager
Destination Component
DeviceDiscovery
Digimax Master
DocMgr
DocProc
Download Updater (AOL LLC)
Drive Manager
Driver Detective
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
DVDFab 6.2.1.8 (31/12/2009)
DVDFab 7.0.3.0 (26/03/2010)
DVDFab 8.0.7.3 (29/01/2011)
DVDFab Platinum 4.1.2.0
DVDneXtCOPY 3 Ultimate
EPSON TWAIN 5
Fax
Google Update Helper
GoToAssist Corporate
GPBaseService2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Driver Diagnostics
HP Imaging Device Functions 12.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections
InterActual Player
J2SE Runtime Environment 5.0 Update 3
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 25
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LightScribe 1.8.15.1
LimeWire 5.2.13
Machinist2DLL
Malwarebytes' Anti-Malware
MarketResearch
McAfee Internet Security Suite
McAfee Virtual Technician
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Word Viewer 2003
Microsoft Project 2000
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft VC9 runtime libraries
Microsoft WinUsb 1.0
MPM
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NavFit98A
Nero 8
neroxml
NetWaiting
Network
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
Omemo 0.27 Beta
OpenOffice.org Installer 1.0
P_CS
ProductContext
QuickTime
Realtek High Definition Audio Driver
Risk+ 2.0 for Microsoft Project
Samsung USB Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartForce Player
SmartWebPrinting
Soft Voice SoftRing Modem with SmartSP
SolutionCenter
Status
SUPERAntiSpyware
SureThing CD Labeler - Stomper Edition 32 bit
TestDrive Client
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V92 PCI Voice Faxmodem
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6f
Viewpoint Media Player
VSO Inspector 1.4.2
Vuze
Vuze Remote Toolbar
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
wInsight 5.0
Yahoo! Toolbar
YouTube Downloader 2.7.2
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
5/16/2011 3:32:47 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/16/2011 3:26:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).
5/16/2011 3:20:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704).
5/16/2011 3:14:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
5/15/2011 12:18:17 PM, error: KB968930 [4373] - Windows Management Framework Core KB968930 installation failed.
The file or directory is corrupted and unreadable.
.
==== End Of File ===========================
 
Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni,

logs for Bootkit and Combofix follow, thank-you

***********Bootkit Remover***************
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

****************ComboFix************************************

ComboFix 11-05-16.02 - WD 05/16/2011 20:47:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.517 [GMT -7:00]
Running from: C:\Documents and Settings\WD\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\check_LSA7.txt
C:\Documents and Settings\WD\Application Data\inst.exe
C:\Documents and Settings\WD\WINDOWS
C:\Program Files\autorun.inf
C:\Program Files\Search Toolbar
C:\Program Files\Search Toolbar\icon.ico
C:\Program Files\Search Toolbar\SearchToolbar.dll
C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe
C:\readme.txt
J:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))


2011-05-17 02:53:27 . 2011-05-17 02:53:30 -------- d-----w- C:\Program Files\7-Zip
2011-05-17 02:53:17 . 2011-05-17 02:53:24 1110476 ----a-w- C:\Program Files\7z920.exe
2011-05-15 20:43:29 . 2011-05-15 20:43:29 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
2011-05-15 19:14:12 . 2011-05-15 19:14:12 -------- d-----w- C:\WINDOWS\system32\winrm
2011-05-15 19:14:11 . 2011-05-15 19:14:11 -------- d-----w- C:\WINDOWS\system32\GroupPolicy
2011-05-15 19:14:02 . 2011-05-15 19:14:21 -------- dc-h--w- C:\WINDOWS\$968930Uinstall_KB968930$
2011-05-15 19:13:49 . 2011-05-15 19:13:56 -------- d-----w- C:\6a54e3f4187a462bf31491
2011-05-15 18:35:01 . 2011-05-15 18:35:01 -------- d-----w- C:\Documents and Settings\WD\Application Data\IObit
2011-05-15 18:33:06 . 2011-05-15 18:33:08 30459048 ----a-w- C:\Program Files\asc4-setup-cnet.exe
2011-05-15 10:00:26 . 2011-05-15 10:00:32 -------- d-----w- C:\eb76c42999948a7165180c8c
2011-05-14 20:51:23 . 2011-05-14 20:51:23 -------- d-----w- C:\Documents and Settings\WD\Application Data\Malwarebytes
2011-05-14 20:51:17 . 2011-05-14 20:51:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-05-14 20:51:17 . 2010-12-21 01:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-05-14 20:51:14 . 2011-05-14 20:51:18 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-14 20:51:14 . 2010-12-21 01:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-05-14 20:47:02 . 2011-05-14 20:47:05 -------- d-----w- C:\Program Files\YouTube Downloader
2011-05-14 20:46:32 . 2011-05-14 20:46:38 4700823 ----a-w- C:\Program Files\YouTubeDownloaderSetup272.exe
2011-05-14 20:42:35 . 2011-05-14 20:51:00 7734208 ----a-w- C:\Program Files\mbam-setup-1.50.1.1100.exe
2011-05-14 20:24:59 . 2011-05-14 20:25:00 -------- d-----w- C:\7e67a608736e539e308dff8ee164c3
2011-05-14 15:29:27 . 2011-05-14 15:29:28 -------- d-----w- C:\Program Files\SiteAdvisor
2011-05-13 10:00:52 . 2011-05-13 10:00:56 -------- d-----w- C:\c3e06d72f5b5c351cbdc97cb
2011-05-12 02:19:25 . 2011-05-12 02:19:37 3063136 ----a-w- C:\Program Files\ccsetup306.exe
2011-05-11 17:36:52 . 2011-05-17 03:15:57 -------- d-----w- C:\Documents and Settings\WD\Application Data\Azureus
2011-05-11 17:36:07 . 2011-05-16 02:27:35 -------- d-----w- C:\Program Files\Vuze
2011-05-11 17:36:00 . 2011-05-14 20:23:04 -------- d-----w- C:\Documents and Settings\WD\Local Settings\Application Data\Vuze_Remote
2011-05-11 17:35:48 . 2011-05-14 20:23:07 -------- d-----w- C:\Documents and Settings\WD\Local Settings\Application Data\ConduitEngine
2011-05-11 17:35:48 . 2011-05-11 17:35:50 -------- d-----w- C:\Program Files\ConduitEngine
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-14 21:01:38 . 2011-03-31 22:55:04 9344 ----a-w- C:\WINDOWS\system32\drivers\mfeclnk.sys
2011-04-14 21:01:38 . 2011-03-31 22:54:56 88736 ----a-w- C:\WINDOWS\system32\drivers\mfendisk.sys
2011-04-14 21:01:38 . 2011-03-31 22:54:56 84488 ----a-w- C:\WINDOWS\system32\drivers\mferkdet.sys
2011-04-14 21:01:38 . 2011-03-31 22:54:56 84200 ----a-w- C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011-04-14 21:01:38 . 2011-03-31 22:54:56 52320 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys
2011-04-14 21:01:38 . 2011-03-31 22:54:56 314088 ----a-w- C:\WINDOWS\system32\drivers\mfefirek.sys
2011-04-14 21:01:38 . 2011-03-31 22:54:55 56064 ----a-w- C:\WINDOWS\system32\drivers\cfwids.sys
2011-04-14 21:01:38 . 2011-03-31 22:54:55 153280 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
2011-04-14 12:07:59 . 2011-01-23 00:50:56 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-04-14 09:40:22 . 2007-09-01 02:52:40 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-04-05 16:57:42 . 2011-04-05 16:57:42 231224 ----a-w- C:\Program Files\RapportSetup.exe
2011-03-31 23:00:50 . 2011-03-31 23:02:33 458096 ----a-w- C:\Program Files\MVTInstaller.exe
2011-03-28 18:59:50 . 2009-04-06 00:48:54 38808920 ----a-w- C:\Program Files\FileFormatConverters.exe
2011-03-28 18:57:19 . 2009-04-06 00:44:46 25685128 ----a-w- C:\Program Files\wordview_en-us.exe
2011-03-27 17:14:38 . 2011-03-27 17:14:45 103 ----a-w- C:\Program Files\oas-disabled-fix.cmd
2011-03-23 18:38:40 . 2011-03-23 18:36:55 478512 ----a-w- C:\Program Files\vlcmediaplayer-setup.exe
2011-03-21 02:07:28 . 2011-01-21 23:38:20 16968 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-03-21 02:07:24 . 2011-01-21 23:37:25 6449984 ----a-w- C:\Program Files\HitmanPro35.exe
2011-03-19 20:40:37 . 2011-03-19 20:32:37 10904766 ----a-w- C:\Program Files\dvdnextcopy_ultimate_setup.exe
2011-03-13 18:45:14 . 2011-03-31 22:46:17 148520 ----a-w- C:\WINDOWS\system32\mfevtps.exe
2011-03-13 18:20:10 . 2010-10-14 05:28:54 459728 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys
2011-03-13 18:20:10 . 2010-10-14 05:28:54 118784 ----a-w- C:\WINDOWS\system32\drivers\mfeapfk.sys
2011-03-11 14:10:38 . 2006-02-28 12:00:00 471552 ----a-w- C:\WINDOWS\apppatch\aclayers.dll
2011-03-09 21:54:59 . 2011-03-09 21:54:56 2195440 ----a-w- C:\Program Files\aol_toolbar.exe
2011-03-07 05:33:50 . 2007-04-27 17:32:16 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2006-02-28 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2006-02-28 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2006-02-28 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2006-02-28 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2006-02-28 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2006-02-28 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2009-04-17 11:48:58 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-01-21 23:21:30 . 2011-01-21 23:21:25 4622344 ----a-w- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
2011-01-21 23:09:02 . 2011-01-21 23:08:55 4622344 ----a-w- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
2011-01-21 23:07:54 . 2011-01-21 22:55:41 58833152 ----a-w- C:\Program Files\setup_av_free.exe
2010-04-11 02:31:59 . 2010-04-11 02:31:58 1180952 ----a-w- C:\Program Files\DivXInstaller.exe
2010-04-10 19:33:19 . 2010-04-10 19:33:13 13856752 ----a-w- C:\Program Files\DVDFab7030.exe
2010-03-24 02:01:23 . 2010-03-24 02:01:22 24023528 ----a-w- C:\Program Files\WordPerfectLightningInstaller.exe
2010-03-24 01:52:51 . 2010-03-24 01:52:05 360710968 ----a-w- C:\Program Files\WordPerfectOfficeInstaller.exe
2010-03-22 00:40:00 . 2010-03-22 00:19:59 35001856 ----a-w- C:\Program Files\eav_nt32_enu.msi
2010-02-24 20:54:22 . 2010-02-24 20:54:21 27386256 ----a-w- C:\Program Files\AdbeRdr930_en_US.exe
2010-02-12 01:16:55 . 2010-02-12 01:16:55 209784 ----a-w- C:\Program Files\AOLDNLD.exe
2010-02-02 03:04:04 . 2010-02-02 03:03:51 8246504 ----a-w- C:\Program Files\Babylon8_setup.exe
2009-11-26 03:18:08 . 2009-11-26 03:18:01 13249536 ----a-w- C:\Program Files\DVDFab6205.exe
2009-11-07 23:51:33 . 2009-11-07 23:51:27 10307238 ----a-w- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
2009-09-21 22:09:09 . 2009-09-21 22:09:01 4855296 ----a-w- C:\Program Files\epson10245.exe
2009-08-14 00:17:56 . 2008-08-23 02:47:30 1045536 ----a-w- C:\Program Files\DriverDetective.exe
2009-08-13 23:56:26 . 2009-08-13 23:05:33 8319598 ----a-w- C:\Program Files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
2009-08-13 23:11:08 . 2009-08-13 23:11:05 113328018 ----a-w- C:\Program Files\sdat5707.exe
2009-08-11 16:17:10 . 2008-05-03 17:01:40 18863384 ----a-w- C:\Program Files\LimeWireWin.exe
2009-04-19 20:29:31 . 2009-04-19 20:29:30 25740144 ----a-w- C:\Program Files\wmp11-windowsxp-x86-enu.exe
2009-04-17 15:26:54 . 2009-04-17 15:26:17 387983200 ----a-w- C:\Program Files\ZunePackage31.exe
2009-04-17 14:52:02 . 2009-04-17 14:51:59 137572496 ----a-w- C:\Program Files\zunesetuppkg-x86.exe
2009-04-07 23:49:44 . 2009-02-07 18:39:32 2051072 ----a-w- C:\Program Files\i550xp190usz.exe
2009-03-28 14:26:05 . 2009-03-28 14:26:00 9708961 ----a-w- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
2009-03-28 12:42:19 . 2008-11-19 18:34:33 113136 ----a-w- C:\Program Files\Machinist2.setup.exe
2009-03-01 23:06:13 . 2009-03-01 23:06:10 1948608 ----a-w- C:\Program Files\R150860.EXE
2009-02-06 01:08:02 . 2009-02-06 01:07:52 8004480 ----a-w- C:\Program Files\DVDFab5232.exe
2009-01-10 05:31:55 . 2009-01-10 05:31:46 8002152 ----a-w- C:\Program Files\DVDFab5230.exe
2008-11-30 07:46:55 . 2008-11-30 07:46:52 6126416 ----a-w- C:\Program Files\seatoolsforwindowssetup.exe
2008-11-30 07:45:56 . 2008-11-30 07:45:56 3997231 ----a-w- C:\Program Files\FreeAgentCN.exe
2008-11-26 21:47:25 . 2008-11-26 21:47:18 1971378 ----a-w- C:\Program Files\SetupImgBurn_2.4.2.0.exe
2008-11-19 18:40:06 . 2008-11-19 18:39:56 568576 ----a-w- C:\Program Files\DVD43_4-4-0_Setup.exe
2008-11-10 19:23:40 . 2008-11-10 19:23:40 149120 ----a-w- C:\Program Files\startzune.exe
2008-10-05 18:49:55 . 2008-10-05 18:49:51 1851944 ----a-w- C:\Program Files\vso_inspector_setup.exe
2008-10-01 03:41:33 . 2008-10-01 03:41:24 3229288 ----a-w- C:\Program Files\DBsignWebSigner.exe
2008-08-23 15:58:52 . 2008-08-23 03:17:46 6543440 ----a-w- C:\Program Files\AWCSetup.exe
2008-08-23 03:22:40 . 2008-08-23 03:22:36 7507296 ----a-w- C:\Program Files\rminstall.exe
2008-06-29 01:51:52 . 2008-06-29 01:51:47 636192 ----a-w- C:\Program Files\DMSetup-Serial.exe
2008-06-06 04:15:52 . 2008-06-06 04:15:49 667688 ----a-w- C:\Program Files\WindowsXP-KB941644-x86-ENU.exe
2008-05-29 02:31:40 . 2008-05-29 02:31:28 7056016 ----a-w- C:\Program Files\DVDFab5025.exe
2008-04-30 02:53:56 . 2008-04-30 02:43:08 2403400 ----a-w- C:\Program Files\SetupAnyDVD6412.exe
2008-03-29 19:56:56 . 2008-03-29 19:56:47 6678400 ----a-w- C:\Program Files\DVDFabPlatinum4120.exe
1998-12-09 03:53:54 . 1998-12-09 03:53:54 99840 ----a-w- C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 03:53:54 . 1998-12-09 03:53:54 70144 ----a-w- C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53:54 . 1998-12-09 03:53:54 48640 ----a-w- C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 03:53:54 . 1998-12-09 03:53:54 31744 ----a-w- C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53:54 . 1998-12-09 03:53:54 186368 ----a-w- C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 03:53:54 . 1998-12-09 03:53:54 17920 ----a-w- C:\Program Files\Common Files\IRASRIAL.DLL


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "C:\Program Files\Best_Security_Tips\tbBes1.dll" [2008-05-03 05:35:54 1470488]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 23:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 23:54:02 175912 ----a-w- C:\Program Files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 23:54:02 175912 ----a-w- C:\Program Files\Vuze_Remote\prxtbVuze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2008-05-03 05:35:54 1470488 ----a-w- C:\Program Files\Best_Security_Tips\tbBes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "C:\Program Files\Best_Security_Tips\tbBes1.dll" [2008-05-03 05:35:54 1470488]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 23:54:02 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 23:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "C:\Program Files\Best_Security_Tips\tbBes1.dll" [2008-05-03 05:35:54 1470488]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "C:\Program Files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 23:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-19 00:55:20 451872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-10 19:55:18 2424192]
"Advanced SystemCare 4"="C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 23:54:40 402832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21:28 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 02:04:26 2879488]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 00:39:20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 00:36:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 00:40:02 118784]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 09:12:02 483328]
"HostManager"="C:\Program Files\Common Files\AOL\1180737898\ee\AOLSoftware.exe" [2010-03-08 07:27:49 41800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 23:57:48 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 06:16:38 39792]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 23:21:06 169328]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 23:08:08 293168]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 22:57:24 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 16:25:06 1828136]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-11-10 19:23:40 157312]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 17:54:08 150016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 20:08:54 49208]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-04-05 18:50:44 1195408]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 20:12:22 253672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
Adobe Acrobat Speed Launcher.lnk - [N/A]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-23 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08:16 112640 ----a-w- C:\WINDOWS\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08:12 281088 ----a-w- C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-09 22:39:52 13672 ----a-w- C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1180737898\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Omemo\\Omemo.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"C:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"C:\\Documents and Settings\\WD\\Application Data\\mjusbsp\\magicJack.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;C:\WINDOWS\system32\drivers\mfetdi2k.sys [3/31/2011 3:54:56 PM 84200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:48 AM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41:30 AM 67656]
R2 accoca;ActivClient Middleware Service;C:\Program Files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08:40 PM 182576]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [5/15/2011 11:34:59 AM 352656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54:48 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54:48 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54:48 PM 271480]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe [3/31/2011 3:55:10 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\system32\mfevtps.exe [3/31/2011 3:46:17 PM 148520]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\system32\drivers\cfwids.sys [3/31/2011 3:54:55 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\system32\drivers\mfefirek.sys [3/31/2011 3:54:56 PM 314088]
R3 mfendiskmp;mfendiskmp;C:\WINDOWS\system32\drivers\mfendisk.sys [3/31/2011 3:54:56 PM 88736]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;C:\WINDOWS\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11:00 PM 56448]
S2 gupdate1cac859c20c6b1e;Google Update Service (gupdate1cac859c20c6b1e);C:\Program Files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18:35 AM 133104]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18:35 AM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;C:\WINDOWS\system32\drivers\mfendisk.sys [3/31/2011 3:54:56 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\system32\drivers\mferkdet.sys [3/31/2011 3:54:56 PM 84488]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-19 00:53:40 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2011-05-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 22:21:02 . 2006-08-29 22:21:02]

2011-05-17 C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-15 18:34:59 . 2011-04-21 23:54:38]

2011-05-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18:35 . 2010-03-20 18:18:30]

2011-05-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18:35 . 2010-03-20 18:18:30]


------- Supplementary Scan -------

uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: navy.mil\webmail.west.nmci
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
WebBrowser-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
 
Combofix log is incomplete.
Open the log again (C:\combofix.txt) and post the lower part, starting at:

- - - ORPHANS REMOVED - - - -
 
McAfee Real Time Scan will not Stay on

The last Combofix.txt log ended at orphans removed. Ran Combofix again, log follows:

ComboFix 11-05-16.04 - WD 05/17/2011 8:18.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.475 [GMT -7:00]
Running from: c:\documents and settings\WD\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\check_LSA7.txt
c:\documents and settings\WD\Application Data\inst.exe
c:\program files\autorun.inf
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
C:\readme.txt
J:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-17 02:53 . 2011-05-17 02:53 -------- d-----w- c:\program files\7-Zip
2011-05-17 02:53 . 2011-05-17 02:53 1110476 ----a-w- c:\program files\7z920.exe
2011-05-15 20:43 . 2011-05-15 20:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2011-05-15 19:14 . 2011-05-15 19:14 -------- d-----w- c:\windows\system32\winrm
2011-05-15 19:14 . 2011-05-15 19:14 -------- d-----w- c:\windows\system32\GroupPolicy
2011-05-15 19:14 . 2011-05-15 19:14 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-05-15 19:13 . 2011-05-15 19:13 -------- d-----w- C:\6a54e3f4187a462bf31491
2011-05-15 18:35 . 2011-05-15 18:35 -------- d-----w- c:\documents and settings\WD\Application Data\IObit
2011-05-15 18:33 . 2011-05-15 18:33 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
2011-05-15 10:00 . 2011-05-15 10:00 -------- d-----w- C:\eb76c42999948a7165180c8c
2011-05-14 20:51 . 2011-05-14 20:51 -------- d-----w- c:\documents and settings\WD\Application Data\Malwarebytes
2011-05-14 20:51 . 2011-05-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-14 20:51 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-14 20:51 . 2011-05-14 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-14 20:51 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-14 20:47 . 2011-05-14 20:47 -------- d-----w- c:\program files\YouTube Downloader
2011-05-14 20:46 . 2011-05-14 20:46 4700823 ----a-w- c:\program files\YouTubeDownloaderSetup272.exe
2011-05-14 20:42 . 2011-05-14 20:51 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
2011-05-14 20:24 . 2011-05-14 20:25 -------- d-----w- C:\7e67a608736e539e308dff8ee164c3
2011-05-14 15:29 . 2011-05-14 15:29 -------- d-----w- c:\program files\SiteAdvisor
2011-05-13 10:00 . 2011-05-13 10:00 -------- d-----w- C:\c3e06d72f5b5c351cbdc97cb
2011-05-12 02:19 . 2011-05-12 02:19 3063136 ----a-w- c:\program files\ccsetup306.exe
2011-05-11 17:36 . 2011-05-17 03:15 -------- d-----w- c:\documents and settings\WD\Application Data\Azureus
2011-05-11 17:36 . 2011-05-16 02:27 -------- d-----w- c:\program files\Vuze
2011-05-11 17:36 . 2011-05-14 20:23 -------- d-----w- c:\documents and settings\WD\Local Settings\Application Data\Vuze_Remote
2011-05-11 17:35 . 2011-05-14 20:23 -------- d-----w- c:\documents and settings\WD\Local Settings\Application Data\ConduitEngine
2011-05-11 17:35 . 2011-05-11 17:35 -------- d-----w- c:\program files\ConduitEngine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 21:01 . 2011-03-31 22:55 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01 . 2011-03-31 22:54 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 21:01 . 2011-03-31 22:54 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01 . 2011-03-31 22:54 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 21:01 . 2011-03-31 22:54 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 21:01 . 2011-03-31 22:54 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01 . 2011-03-31 22:54 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01 . 2011-03-31 22:54 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 12:07 . 2011-01-23 00:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 09:40 . 2007-09-01 02:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-05 16:57 . 2011-04-05 16:57 231224 ----a-w- c:\program files\RapportSetup.exe
2011-03-31 23:00 . 2011-03-31 23:02 458096 ----a-w- c:\program files\MVTInstaller.exe
2011-03-28 18:59 . 2009-04-06 00:48 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2011-03-28 18:57 . 2009-04-06 00:44 25685128 ----a-w- c:\program files\wordview_en-us.exe
2011-03-27 17:14 . 2011-03-27 17:14 103 ----a-w- c:\program files\oas-disabled-fix.cmd
2011-03-23 18:38 . 2011-03-23 18:36 478512 ----a-w- c:\program files\vlcmediaplayer-setup.exe
2011-03-21 02:07 . 2011-01-21 23:38 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-21 02:07 . 2011-01-21 23:37 6449984 ----a-w- c:\program files\HitmanPro35.exe
2011-03-19 20:40 . 2011-03-19 20:32 10904766 ----a-w- c:\program files\dvdnextcopy_ultimate_setup.exe
2011-03-13 18:45 . 2011-03-31 22:46 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-13 18:20 . 2010-10-14 05:28 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 18:20 . 2010-10-14 05:28 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-11 14:10 . 2006-02-28 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-09 21:54 . 2011-03-09 21:54 2195440 ----a-w- c:\program files\aol_toolbar.exe
2011-03-07 05:33 . 2007-04-27 17:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 11:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-21 23:21 . 2011-01-21 23:21 4622344 ----a-w- c:\program files\avg_avct_stb_all_2011_1191_cnet.exe
2011-01-21 23:09 . 2011-01-21 23:08 4622344 ----a-w- c:\program files\avg_free_stb_all_2011_1191_cnet.exe
2011-01-21 23:07 . 2011-01-21 22:55 58833152 ----a-w- c:\program files\setup_av_free.exe
2010-04-11 02:31 . 2010-04-11 02:31 1180952 ----a-w- c:\program files\DivXInstaller.exe
2010-04-10 19:33 . 2010-04-10 19:33 13856752 ----a-w- c:\program files\DVDFab7030.exe
2010-03-24 02:01 . 2010-03-24 02:01 24023528 ----a-w- c:\program files\WordPerfectLightningInstaller.exe
2010-03-24 01:52 . 2010-03-24 01:52 360710968 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
2010-03-22 00:40 . 2010-03-22 00:19 35001856 ----a-w- c:\program files\eav_nt32_enu.msi
2010-02-24 20:54 . 2010-02-24 20:54 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-02-12 01:16 . 2010-02-12 01:16 209784 ----a-w- c:\program files\AOLDNLD.exe
2010-02-02 03:04 . 2010-02-02 03:03 8246504 ----a-w- c:\program files\Babylon8_setup.exe
2009-11-26 03:18 . 2009-11-26 03:18 13249536 ----a-w- c:\program files\DVDFab6205.exe
2009-11-07 23:51 . 2009-11-07 23:51 10307238 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
2009-09-21 22:09 . 2009-09-21 22:09 4855296 ----a-w- c:\program files\epson10245.exe
2009-08-14 00:17 . 2008-08-23 02:47 1045536 ----a-w- c:\program files\DriverDetective.exe
2009-08-13 23:56 . 2009-08-13 23:05 8319598 ----a-w- c:\program files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
2009-08-13 23:11 . 2009-08-13 23:11 113328018 ----a-w- c:\program files\sdat5707.exe
2009-08-11 16:17 . 2008-05-03 17:01 18863384 ----a-w- c:\program files\LimeWireWin.exe
2009-04-19 20:29 . 2009-04-19 20:29 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2009-04-17 15:26 . 2009-04-17 15:26 387983200 ----a-w- c:\program files\ZunePackage31.exe
2009-04-17 14:52 . 2009-04-17 14:51 137572496 ----a-w- c:\program files\zunesetuppkg-x86.exe
2009-04-07 23:49 . 2009-02-07 18:39 2051072 ----a-w- c:\program files\i550xp190usz.exe
2009-03-28 14:26 . 2009-03-28 14:26 9708961 ----a-w- c:\program files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
2009-03-28 12:42 . 2008-11-19 18:34 113136 ----a-w- c:\program files\Machinist2.setup.exe
2009-03-01 23:06 . 2009-03-01 23:06 1948608 ----a-w- c:\program files\R150860.EXE
2009-02-06 01:08 . 2009-02-06 01:07 8004480 ----a-w- c:\program files\DVDFab5232.exe
2009-01-10 05:31 . 2009-01-10 05:31 8002152 ----a-w- c:\program files\DVDFab5230.exe
2008-11-30 07:46 . 2008-11-30 07:46 6126416 ----a-w- c:\program files\seatoolsforwindowssetup.exe
2008-11-30 07:45 . 2008-11-30 07:45 3997231 ----a-w- c:\program files\FreeAgentCN.exe
2008-11-26 21:47 . 2008-11-26 21:47 1971378 ----a-w- c:\program files\SetupImgBurn_2.4.2.0.exe
2008-11-19 18:40 . 2008-11-19 18:39 568576 ----a-w- c:\program files\DVD43_4-4-0_Setup.exe
2008-11-10 19:23 . 2008-11-10 19:23 149120 ----a-w- c:\program files\startzune.exe
2008-10-05 18:49 . 2008-10-05 18:49 1851944 ----a-w- c:\program files\vso_inspector_setup.exe
2008-10-01 03:41 . 2008-10-01 03:41 3229288 ----a-w- c:\program files\DBsignWebSigner.exe
2008-08-23 15:58 . 2008-08-23 03:17 6543440 ----a-w- c:\program files\AWCSetup.exe
2008-08-23 03:22 . 2008-08-23 03:22 7507296 ----a-w- c:\program files\rminstall.exe
2008-06-29 01:51 . 2008-06-29 01:51 636192 ----a-w- c:\program files\DMSetup-Serial.exe
2008-06-06 04:15 . 2008-06-06 04:15 667688 ----a-w- c:\program files\WindowsXP-KB941644-x86-ENU.exe
2008-05-29 02:31 . 2008-05-29 02:31 7056016 ----a-w- c:\program files\DVDFab5025.exe
2008-04-30 02:53 . 2008-04-30 02:43 2403400 ----a-w- c:\program files\SetupAnyDVD6412.exe
2008-03-29 19:56 . 2008-03-29 19:56 6678400 ----a-w- c:\program files\DVDFabPlatinum4120.exe
1998-12-09 03:53 . 1998-12-09 03:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes1.dll" [2008-05-03 1470488]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 23:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 23:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2008-05-03 05:35 1470488 ----a-w- c:\program files\Best_Security_Tips\tbBes1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBes1.dll" [2008-05-03 1470488]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "c:\program files\Best_Security_Tips\tbBes1.dll" [2008-05-03 1470488]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-19 451872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-10 2424192]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HostManager"="c:\program files\Common Files\AOL\1180737898\ee\AOLSoftware.exe" [2010-03-08 41800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
Adobe Acrobat Speed Launcher.lnk - [N/A]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-09 22:39 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180737898\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Omemo\\Omemo.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\WD\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/31/2011 3:54 PM 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08 PM 182576]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/15/2011 11:34 AM 352656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/31/2011 3:54 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/31/2011 3:55 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/31/2011 3:46 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/31/2011 3:54 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/31/2011 3:54 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/31/2011 3:54 PM 88736]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11 PM 56448]
S2 gupdate1cac859c20c6b1e;Google Update Service (gupdate1cac859c20c6b1e);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18 AM 133104]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2010 11:18 AM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/31/2011 3:54 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/31/2011 3:54 PM 84488]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-19 00:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 22:21]
.
2011-05-17 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-15 23:54]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 18:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: navy.mil\webmail.west.nmci
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 08:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\11$!?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(5720)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\siteadvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-17 08:28:03
ComboFix-quarantined-files.txt 2011-05-17 15:28
.
Pre-Run: 68,622,524,416 bytes free
Post-Run: 68,644,515,840 bytes free
.
- - End Of File - - BA5C5B6ADE797340DBCF80E2F9A6280E
 
Looks good.

How is McAfee behaving?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thank you, Broni. McAfee real time will not stay active.

OTL.txt log Part 1 of 2

OTL logfile created on: 5/17/2011 3:36:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\WD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 63.62 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
Drive D: | 2.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DESKTOP-CC34A4D | User Name: WD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
PRC - [2011/05/10 12:55:18 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/05 11:50:44 | 001,159,888 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/12 14:56:44 | 000,233,912 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McInsUpd.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe
PRC - [2008/11/10 12:23:40 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ZUNE\ZuneLauncher.exe
PRC - [2008/11/10 12:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 16:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 16:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/05/15 16:08:00 | 000,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [1998/09/03 23:09:08 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/09 15:39:54 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/01/26 11:30:32 | 000,822,104 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0270651305659229mcinst.exe -- (0270651305659229mcinstcleanup) McAfee Application Installer Cleanup (0270651305659229)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/10 12:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 12:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/10 12:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2006/11/15 15:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/08 16:00:10 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 15:59:36 | 000,257,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/11/08 15:59:30 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/05 15:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = AOL search
IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\URLSearchHook: {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/28 16:55:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/16 14:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/03/12 18:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WD\Application Data\Mozilla\Extensions
[2009/03/12 18:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WD\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/05/16 20:58:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110514082840.dll (McAfee, Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - Reg Error: Value error. File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Best Security Tips Toolbar) - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Best Security Tips Toolbar) - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..\Toolbar\WebBrowser: (Best Security Tips Toolbar) - {DA30EFF8-CCC6-4162-A20D-67402A26A215} - C:\Program Files\Best_Security_Tips\tbBes1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: navy.mil ([webmail.west.nmci] https in Trusted sites)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\WD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/30 15:32:43 | 000,000,030 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 15:30:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
[2011/05/17 12:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/17 06:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/16 20:20:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/16 20:15:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/16 20:15:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/16 20:15:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/16 20:15:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/16 20:15:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/16 20:14:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/16 19:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/05/16 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/15 19:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\Vuze Downloads
[2011/05/15 13:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
[2011/05/15 12:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/15 12:14:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/15 12:14:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/15 12:14:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/15 12:13:49 | 000,000,000 | ---D | C] -- C:\6a54e3f4187a462bf31491
[2011/05/15 11:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/05/15 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Application Data\IObit
[2011/05/15 11:33:06 | 030,459,048 | ---- | C] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
[2011/05/15 03:00:26 | 000,000,000 | ---D | C] -- C:\eb76c42999948a7165180c8c
[2011/05/14 13:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Application Data\Malwarebytes
[2011/05/14 13:51:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/14 13:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/14 13:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/14 13:51:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/14 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/14 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/05/14 13:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/05/14 13:42:35 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
[2011/05/14 13:24:59 | 000,000,000 | ---D | C] -- C:\7e67a608736e539e308dff8ee164c3
[2011/05/14 08:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2011/05/13 03:00:52 | 000,000,000 | ---D | C] -- C:\c3e06d72f5b5c351cbdc97cb
[2011/05/12 08:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\Albany May11 Docs
[2011/05/11 19:19:25 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
[2011/05/11 19:17:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WD\Recent
[2011/05/11 13:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\my Downloads
[2011/05/11 12:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\My Documents\Credit and Banking
[2011/05/11 10:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Application Data\Azureus
[2011/05/11 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/05/11 10:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Local Settings\Application Data\Vuze_Remote
[2011/05/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/11 10:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WD\Local Settings\Application Data\ConduitEngine
[2011/05/11 10:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2011/05/11 10:27:21 | 008,902,072 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
[2011/04/05 09:57:42 | 000,231,224 | ---- | C] (Trusteer Ltd.) -- C:\Program Files\RapportSetup.exe
[2011/03/31 16:02:33 | 000,458,096 | ---- | C] (McAfee Inc.) -- C:\Program Files\MVTInstaller.exe
[2011/03/19 13:32:37 | 010,904,766 | ---- | C] (DVDneXtCOPY Inc.) -- C:\Program Files\dvdnextcopy_ultimate_setup.exe
[2011/03/09 14:54:56 | 002,195,440 | ---- | C] (AOL Inc.) -- C:\Program Files\aol_toolbar.exe
[2011/01/21 16:37:25 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2011/01/21 16:21:25 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
[2011/01/21 16:08:55 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
[2010/04/10 19:31:58 | 001,180,952 | ---- | C] (DivX, Inc. ) -- C:\Program Files\DivXInstaller.exe
[2010/04/10 12:33:13 | 013,856,752 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab7030.exe
[2010/03/23 19:01:22 | 024,023,528 | ---- | C] (Corel Corporation ) -- C:\Program Files\WordPerfectLightningInstaller.exe
[2010/03/23 18:52:05 | 360,710,968 | ---- | C] (Acresso Software Inc. ) -- C:\Program Files\WordPerfectOfficeInstaller.exe
[2010/02/24 13:54:21 | 027,386,256 | ---- | C] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
[2010/02/11 18:16:55 | 000,209,784 | ---- | C] (AOL LLC.) -- C:\Program Files\AOLDNLD.exe
[2009/11/25 20:18:01 | 013,249,536 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab6205.exe
[2009/08/13 16:11:05 | 113,328,018 | ---- | C] (McAfee, Inc.) -- C:\Program Files\sdat5707.exe
[2009/04/19 13:29:30 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2009/04/17 08:26:17 | 387,983,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePackage31.exe
[2009/04/17 07:51:59 | 137,572,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\zunesetuppkg-x86.exe
[2009/04/05 17:48:54 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2009/04/05 17:44:46 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
[2009/02/05 18:07:52 | 008,004,480 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5232.exe
[2009/01/09 22:31:46 | 008,002,152 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5230.exe
[2008/11/26 14:47:18 | 001,971,378 | ---- | C] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
[2008/11/19 11:39:56 | 000,568,576 | ---- | C] ( ) -- C:\Program Files\DVD43_4-4-0_Setup.exe
[2008/11/10 12:23:40 | 000,149,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\startzune.exe
[2008/10/05 11:49:51 | 001,851,944 | ---- | C] (VSO-Software SARL ) -- C:\Program Files\vso_inspector_setup.exe
[2008/09/30 20:41:24 | 003,229,288 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\DBsignWebSigner.exe
[2008/08/22 20:22:36 | 007,507,296 | ---- | C] (PC Tools ) -- C:\Program Files\rminstall.exe
[2008/08/22 20:17:46 | 006,543,440 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe
[2008/08/22 19:47:30 | 001,045,536 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Program Files\DriverDetective.exe
[2008/06/28 18:51:47 | 000,636,192 | ---- | C] (McAfee, Inc.) -- C:\Program Files\DMSetup-Serial.exe
[2008/06/05 21:15:49 | 000,667,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB941644-x86-ENU.exe
[2008/05/28 19:31:28 | 007,056,016 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5025.exe
[2008/05/03 10:01:40 | 018,863,384 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2008/03/29 12:57:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\WD\Application Data\pcouffin.sys
[2008/03/29 12:56:47 | 006,678,400 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabPlatinum4120.exe
[1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe
[2011/05/17 15:08:09 | 000,094,360 | ---- | M] () -- C:\VETlog.dmp
[2011/05/17 15:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/17 15:03:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 08:28:04 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/17 08:16:02 | 004,350,228 | R--- | M] () -- C:\Documents and Settings\WD\Desktop\ComboFix.exe
[2011/05/17 06:12:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/17 06:11:59 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security Suite.lnk
[2011/05/17 06:11:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 20:58:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/16 20:20:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/16 20:01:20 | 000,040,205 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.7z
[2011/05/16 20:00:16 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\WD\My Documents\bootkit_remover.rar
[2011/05/16 20:00:16 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.rar
[2011/05/16 19:53:24 | 001,110,476 | ---- | M] () -- C:\Program Files\7z920.exe
[2011/05/16 16:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/16 12:27:04 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\dds.scr
[2011/05/16 12:17:06 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\ggsp3301.exe
[2011/05/15 18:12:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/15 11:35:16 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/05/15 11:35:14 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/05/15 11:35:13 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/05/15 11:33:08 | 030,459,048 | ---- | M] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
[2011/05/14 13:51:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/14 13:51:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
[2011/05/14 13:47:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/05/14 13:46:38 | 004,700,823 | ---- | M] () -- C:\Program Files\YouTubeDownloaderSetup272.exe
[2011/05/14 12:56:10 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/05/13 18:28:38 | 008,902,072 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
[2011/05/13 03:32:40 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 20:50:53 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\Microsoft Word.lnk
[2011/05/11 19:20:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/11 19:19:37 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
[2011/05/11 10:36:32 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/11 10:36:31 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
OTL.txt log Part 2 of 2


========== Files Created - No Company Name ==========

[2011/05/16 20:20:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/16 20:20:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/16 20:15:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/16 20:15:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/16 20:15:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/16 20:15:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/16 20:15:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/16 20:06:31 | 004,350,228 | R--- | C] () -- C:\Documents and Settings\WD\Desktop\ComboFix.exe
[2011/05/16 20:03:06 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\WD\My Documents\bootkit_remover.rar
[2011/05/16 20:01:19 | 000,040,205 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.7z
[2011/05/16 19:56:52 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\bootkit_remover.rar
[2011/05/16 19:53:17 | 001,110,476 | ---- | C] () -- C:\Program Files\7z920.exe
[2011/05/16 12:27:03 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\dds.scr
[2011/05/16 12:17:05 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\WD\Desktop\ggsp3301.exe
[2011/05/15 18:14:47 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/15 18:12:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/15 11:35:30 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/15 11:35:16 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/05/15 11:35:14 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/05/15 11:35:13 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/05/14 13:51:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/14 13:47:05 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/05/14 13:46:32 | 004,700,823 | ---- | C] () -- C:\Program Files\YouTubeDownloaderSetup272.exe
[2011/05/14 08:30:11 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security Suite.lnk
[2011/05/11 19:20:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/11 10:36:32 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/11 10:36:31 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/05/11 10:36:31 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2011/03/27 10:14:45 | 000,000,103 | ---- | C] () -- C:\Program Files\oas-disabled-fix.cmd
[2011/03/25 08:40:34 | 000,691,385 | ---- | C] () -- C:\Program Files\RAVselect.zip
[2011/03/23 11:36:55 | 000,478,512 | ---- | C] () -- C:\Program Files\vlcmediaplayer-setup.exe
[2011/01/21 16:38:20 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/21 16:10:41 | 000,000,560 | ---- | C] () -- C:\Program Files\Shortcut to setup_av_free.exe.lnk
[2011/01/21 15:55:41 | 058,833,152 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2010/03/24 14:17:55 | 000,509,257 | ---- | C] () -- C:\Program Files\SKMBT_50009102212580.pdf
[2010/03/24 14:17:05 | 000,000,022 | ---- | C] () -- C:\Program Files\Karen Charles Profile.zip
[2010/03/24 14:15:17 | 000,523,597 | ---- | C] () -- C:\Program Files\3566_001.pdf
[2010/03/24 14:08:03 | 000,259,360 | ---- | C] () -- C:\Program Files\Offer.zip
[2010/03/24 14:03:26 | 001,117,766 | ---- | C] () -- C:\Program Files\4051_001.pdf
[2010/03/24 14:00:18 | 000,047,642 | ---- | C] () -- C:\Program Files\4054_001.pdf
[2010/03/24 13:58:21 | 000,150,802 | ---- | C] () -- C:\Program Files\3714_001.pdf
[2010/03/24 13:57:39 | 000,112,032 | ---- | C] () -- C:\Program Files\3715_001.pdf
[2010/03/24 13:57:22 | 000,636,269 | ---- | C] () -- C:\Program Files\4053_001.pdf
[2010/03/24 13:48:08 | 001,024,197 | ---- | C] () -- C:\Program Files\SBSA Avocado_001.pdf
[2010/03/24 08:56:14 | 000,025,374 | ---- | C] () -- C:\Program Files\4419 Avocado Blvd Amended Commission Instructions.zip
[2010/03/21 17:19:59 | 035,001,856 | ---- | C] () -- C:\Program Files\eav_nt32_enu.msi
[2010/02/01 20:03:51 | 008,246,504 | ---- | C] () -- C:\Program Files\Babylon8_setup.exe
[2010/01/28 16:54:25 | 000,023,107 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/07 06:45:03 | 000,077,371 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/11/26 20:56:16 | 000,061,710 | ---- | C] () -- C:\Program Files\baby charles.php
[2009/11/07 16:51:27 | 010,307,238 | ---- | C] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
[2009/10/15 18:12:08 | 000,068,027 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/10/15 17:48:50 | 000,188,700 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2009/10/15 17:48:50 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2009/09/21 15:09:01 | 004,855,296 | ---- | C] () -- C:\Program Files\epson10245.exe
[2009/08/13 16:05:33 | 008,319,598 | ---- | C] () -- C:\Program Files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
[2009/08/07 13:33:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/08/03 19:26:20 | 007,908,106 | ---- | C] () -- C:\Program Files\VSE870P1.zip
[2009/08/03 19:26:11 | 059,489,250 | ---- | C] () -- C:\Program Files\VSE870LML.zip
[2009/03/29 15:00:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/28 07:26:00 | 009,708,961 | ---- | C] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
[2009/03/16 12:21:33 | 000,207,580 | ---- | C] () -- C:\Program Files\Prepped 2008 TaxReturn.pdf
[2009/03/01 16:06:10 | 001,948,608 | ---- | C] () -- C:\Program Files\R150860.EXE
[2009/02/07 11:39:32 | 002,051,072 | ---- | C] () -- C:\Program Files\i550xp190usz.exe
[2009/01/26 06:01:48 | 000,129,896 | ---- | C] () -- C:\Program Files\neac_jazzfest_09_final.pdf
[2009/01/24 07:26:59 | 000,001,086 | ---- | C] () -- C:\Program Files\The_Top_100_Lovemaking_Techniques_of_All_Time_-_A_MUST_HAVE!_extreme_seed_RK_banner_[mininova].torrent
[2008/11/30 00:46:52 | 006,126,416 | ---- | C] () -- C:\Program Files\seatoolsforwindowssetup.exe
[2008/11/30 00:45:56 | 003,997,231 | ---- | C] () -- C:\Program Files\FreeAgentCN.exe
[2008/11/19 11:34:33 | 000,113,136 | ---- | C] () -- C:\Program Files\Machinist2.setup.exe
[2008/11/19 11:14:59 | 000,041,817 | ---- | C] () -- C:\Program Files\machinist2.zip
[2008/08/16 06:53:12 | 006,187,805 | ---- | C] () -- C:\Program Files\Version23Navfit98.zip
[2008/08/11 19:45:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/06/26 13:07:31 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/29 19:43:08 | 002,403,400 | ---- | C] () -- C:\Program Files\SetupAnyDVD6412.exe
[2008/03/30 15:27:39 | 000,514,443 | ---- | C] () -- C:\Program Files\Samsung User Manual H-S203N_Eng.pdf
[2008/03/29 13:57:50 | 000,736,467 | ---- | C] () -- C:\Program Files\170_rpc1.zip
[2008/03/29 13:48:37 | 000,741,512 | ---- | C] () -- C:\Program Files\170bbt_orig.zip
[2008/03/29 13:35:35 | 000,740,200 | ---- | C] () -- C:\Program Files\111b_orig.zip
[2008/03/29 12:57:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\pcouffin.cat
[2008/03/29 12:57:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\WD\Application Data\pcouffin.inf
[2008/03/29 07:04:05 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/12/26 08:15:37 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/26 08:15:37 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/26 08:15:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2007/11/30 06:49:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\cbtsys.ini
[2007/08/06 20:22:25 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\WD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/21 05:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/07/20 15:26:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2007/06/29 14:22:05 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007/06/01 15:46:52 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/06/01 15:44:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/23 18:06:16 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2007/05/18 17:33:42 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2007/05/18 17:33:42 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2007/05/18 17:33:42 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2007/05/18 17:33:42 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2007/05/18 17:33:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/05/18 17:33:40 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2007/05/18 17:01:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/18 16:52:11 | 000,000,932 | ---- | C] () -- C:\WINDOWS\Epsonem.ini
[2007/05/18 15:29:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/18 15:29:36 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/05/18 15:29:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/04/27 12:19:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/27 11:17:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/04/27 10:36:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/27 10:32:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/27 03:19:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/27 03:18:50 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/20 10:56:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Machinist2.dll
[2000/02/23 09:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/07/10 19:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/09 15:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/19 13:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DShield
[2011/03/28 12:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDneXtCOPY
[2010/03/21 17:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/21 16:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/05/25 10:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/07/30 16:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/01/23 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/08/22 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/28 16:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/03/29 07:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/08/23 08:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/06/15 06:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/04/02 19:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/05/16 20:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Azureus
[2008/09/30 20:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\DBsign
[2009/03/16 17:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\ICAClient
[2008/11/26 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\ImgBurn
[2011/05/15 11:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\IObit
[2009/09/04 18:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\LimeWire
[2010/03/19 13:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\mjusbsp
[2009/03/16 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Runaware
[2007/06/15 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Viewpoint
[2010/04/10 12:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Vso
[2011/05/17 08:28:04 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/29 18:04:02 | 048,287,568 | ---- | M] () -- C:\20090829-019-v5i32.exe
[2007/12/31 15:30:18 | 000,084,485 | ---- | M] () -- C:\3226203698.htm
[2008/02/16 13:48:39 | 006,281,272 | ---- | M] (IObit ) -- C:\Advanced Windows Care Setup.exe
[2007/06/01 16:59:51 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2007/06/01 16:59:51 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2008/03/30 15:32:43 | 000,000,030 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/03/19 17:03:21 | 000,097,511 | ---- | M] () -- C:\Barack Obama 18Mar08 Speech watch.htm
[2007/05/18 08:12:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/16 20:20:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2008/02/16 14:25:56 | 002,733,928 | ---- | M] (Piriform Ltd) -- C:\ccsetup204.exe
[2000/08/19 10:52:36 | 008,658,944 | ---- | M] () -- C:\ce2kmain.exe
[2008/01/02 22:50:00 | 001,660,495 | ---- | M] () -- C:\CleanWipe.exe
[2008/01/02 22:50:00 | 000,012,629 | ---- | M] () -- C:\CleanWipeRevisionHistory.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/05/17 08:28:04 | 000,028,134 | ---- | M] () -- C:\ComboFix.txt
[2008/03/30 15:32:43 | 000,000,046 | ---- | M] () -- C:\CONFIG.SYS
[2007/09/03 18:20:08 | 000,128,344 | ---- | M] (Digital River) -- C:\Download_PlatoDVDRipper_CE.exe
[2011/03/19 13:21:05 | 000,000,000 | ---- | M] () -- C:\DVDPlayer.log
[2007/05/18 16:39:36 | 000,000,032 | ---- | M] () -- C:\e.txt
[2007/05/23 12:33:40 | 004,855,296 | ---- | M] () -- C:\epson10245.exe
[2007/05/18 16:51:55 | 000,000,006 | ---- | M] () -- C:\epson1200.txt
[2007/05/18 16:52:02 | 000,000,009 | ---- | M] () -- C:\epson1201.txt
[2008/07/02 10:01:33 | 000,000,138 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210032687.log
[2008/07/02 10:01:35 | 000,000,129 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210135750.log
[2008/07/02 10:01:35 | 000,000,131 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210135906.log
[2008/07/02 10:01:36 | 000,000,134 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210136312.log
[2008/07/02 10:01:36 | 000,000,134 | ---- | M] () -- C:\ESUGUnEn_DESKTOP-CC34A4D_20087210136625.log
[2009/03/27 16:40:56 | 122,792,840 | ---- | M] () -- C:\HighLogging.log
[2007/05/23 12:50:04 | 006,722,560 | ---- | M] () -- C:\i550 B645mux.exe
[2011/03/23 17:00:03 | 000,030,013 | ---- | M] () -- C:\install.log
[2007/04/27 10:34:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/01 12:13:04 | 000,594,880 | ---- | M] (Sharman Networks Ltd) -- C:\kazaa_setup.exe
[2007/09/15 07:25:27 | 001,957,620 | ---- | M] (WebSpeeders LLC) -- C:\LimeWireTurboAccelerator_installer.exe
[2007/10/05 20:31:21 | 002,982,334 | ---- | M] () -- C:\LYT0869-001B.pdf
[2007/06/01 17:26:18 | 000,000,010 | ---- | M] () -- C:\mmjbaltlog.txt
[2007/06/01 17:26:18 | 000,016,418 | ---- | M] () -- C:\mmjblog.txt
[2007/04/27 10:34:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/12/09 21:25:50 | 001,851,580 | ---- | M] () -- C:\mybizinfo.pdf
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/30 22:07:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/03/19 17:05:15 | 000,097,221 | ---- | M] () -- C:\Obama 18Mar08 Speechwatch.htm
[2011/05/17 06:11:19 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2007/04/27 11:17:20 | 000,000,206 | ---- | M] () -- C:\realtek.log
[2007/04/27 11:17:20 | 000,000,499 | ---- | M] () -- C:\RHDSetup.log
[2009/04/19 04:35:05 | 000,002,215 | ---- | M] () -- C:\rollback.ini
[2009/08/29 17:17:05 | 078,801,969 | ---- | M] () -- C:\SEP.zip
[2007/11/27 20:11:29 | 039,735,296 | -H-- | M] () -- C:\SyncToy_0aad269d-e2ed-4ec6-bec7-98185c8b755c.dat
[2007/06/01 17:26:18 | 000,002,978 | ---- | M] () -- C:\UserInfo.dat
[2011/05/17 15:08:09 | 000,094,360 | ---- | M] () -- C:\VETlog.dmp
[2011/05/17 15:08:10 | 003,749,380 | ---- | M] () -- C:\VETlog.txt
[2008/02/24 08:03:18 | 000,039,590 | ---- | M] () -- C:\video-i-have-a-dream-speech.htm

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/04/27 10:34:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/11/29 21:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD49.DLL
[2005/11/30 06:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP49.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll
[1998/12/11 18:29:52 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OLFPNT40.DLL
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1999/11/05 14:58:52 | 000,072,704 | ---- | M] () -- C:\WINDOWS\PhotoDeluxe.scr
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/03/29 13:35:42 | 000,740,200 | ---- | M] () -- C:\Program Files\111b_orig.zip
[2008/03/29 13:48:41 | 000,741,512 | ---- | M] () -- C:\Program Files\170bbt_orig.zip
[2008/03/29 13:57:54 | 000,736,467 | ---- | M] () -- C:\Program Files\170_rpc1.zip
[2010/03/24 14:15:19 | 000,523,597 | ---- | M] () -- C:\Program Files\3566_001.pdf
[2010/03/24 14:03:41 | 000,150,802 | ---- | M] () -- C:\Program Files\3714_001.pdf
[2010/03/24 14:03:54 | 000,112,032 | ---- | M] () -- C:\Program Files\3715_001.pdf
[2010/03/24 14:03:28 | 001,117,766 | ---- | M] () -- C:\Program Files\4051_001.pdf
[2010/03/24 13:59:04 | 000,636,269 | ---- | M] () -- C:\Program Files\4053_001.pdf
[2010/03/24 14:00:19 | 000,047,642 | ---- | M] () -- C:\Program Files\4054_001.pdf
[2010/03/24 08:56:16 | 000,025,374 | ---- | M] () -- C:\Program Files\4419 Avocado Blvd Amended Commission Instructions.zip
[2011/05/16 19:53:24 | 001,110,476 | ---- | M] () -- C:\Program Files\7z920.exe
[2008/12/01 15:28:26 | 000,104,448 | ---- | M] () -- C:\Program Files\aabwordapp.doc
[2010/02/24 13:54:22 | 027,386,256 | ---- | M] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
[2010/02/11 18:16:55 | 000,209,784 | ---- | M] (AOL LLC.) -- C:\Program Files\AOLDNLD.exe
[2011/03/09 14:54:59 | 002,195,440 | ---- | M] (AOL Inc.) -- C:\Program Files\aol_toolbar.exe
[2011/05/15 11:33:08 | 030,459,048 | ---- | M] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
[2011/01/21 16:21:30 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
[2011/01/21 16:09:02 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
[2008/08/23 08:58:52 | 006,543,440 | ---- | M] (IObit ) -- C:\Program Files\AWCSetup.exe
[2009/11/26 20:56:18 | 000,061,710 | ---- | M] () -- C:\Program Files\baby charles.php
[2010/02/01 20:04:04 | 008,246,504 | ---- | M] () -- C:\Program Files\Babylon8_setup.exe
[2011/05/11 19:19:37 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
[2008/09/30 20:41:33 | 003,229,288 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\DBsignWebSigner.exe
[2009/08/13 16:56:26 | 008,319,598 | ---- | M] () -- C:\Program Files\Dell_1700_1700n_Win2KXP_Drivers_en.exe
[2010/04/10 19:31:59 | 001,180,952 | ---- | M] (DivX, Inc. ) -- C:\Program Files\DivXInstaller.exe
[2008/06/28 18:51:52 | 000,636,192 | ---- | M] (McAfee, Inc.) -- C:\Program Files\DMSetup-Serial.exe
[2009/08/13 17:17:56 | 001,045,536 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Program Files\DriverDetective.exe
[2008/11/19 11:40:06 | 000,568,576 | ---- | M] ( ) -- C:\Program Files\DVD43_4-4-0_Setup.exe
[2008/05/28 19:31:40 | 007,056,016 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5025.exe
[2009/01/09 22:31:55 | 008,002,152 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5230.exe
[2009/02/05 18:08:02 | 008,004,480 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab5232.exe
[2009/11/25 20:18:08 | 013,249,536 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab6205.exe
[2010/04/10 12:33:19 | 013,856,752 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab7030.exe
[2008/03/29 12:56:56 | 006,678,400 | ---- | M] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabPlatinum4120.exe
[2011/03/19 13:40:37 | 010,904,766 | ---- | M] (DVDneXtCOPY Inc.) -- C:\Program Files\dvdnextcopy_ultimate_setup.exe
[2009/03/28 07:26:05 | 009,708,961 | ---- | M] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_4_6.exe
[2009/11/07 16:51:33 | 010,307,238 | ---- | M] () -- C:\Program Files\DVDneXtCOPY_Ultimate_V3_0_5_6.exe
[2010/03/21 17:40:00 | 035,001,856 | ---- | M] () -- C:\Program Files\eav_nt32_enu.msi
[2009/09/21 15:09:09 | 004,855,296 | ---- | M] () -- C:\Program Files\epson10245.exe
[2011/03/28 11:59:50 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2008/11/30 00:45:56 | 003,997,231 | ---- | M] () -- C:\Program Files\FreeAgentCN.exe
[2011/03/20 19:07:24 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2009/04/07 16:49:44 | 002,051,072 | ---- | M] () -- C:\Program Files\i550xp190usz.exe
[2010/03/24 14:36:14 | 000,000,022 | ---- | M] () -- C:\Program Files\Karen Charles Profile.zip
[2009/08/11 09:17:10 | 018,863,384 | ---- | M] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2009/03/28 05:42:19 | 000,113,136 | ---- | M] () -- C:\Program Files\Machinist2.setup.exe
[2008/11/19 11:14:59 | 000,041,817 | ---- | M] () -- C:\Program Files\machinist2.zip
[2011/05/14 13:51:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
[2011/03/31 16:00:50 | 000,458,096 | ---- | M] (McAfee Inc.) -- C:\Program Files\MVTInstaller.exe
[2009/01/26 06:01:48 | 000,129,896 | ---- | M] () -- C:\Program Files\neac_jazzfest_09_final.pdf
[2011/03/27 10:14:38 | 000,000,103 | ---- | M] () -- C:\Program Files\oas-disabled-fix.cmd
[2010/03/24 14:08:04 | 000,259,360 | ---- | M] () -- C:\Program Files\Offer.zip
[2009/03/16 12:21:34 | 000,207,580 | ---- | M] () -- C:\Program Files\Prepped 2008 TaxReturn.pdf
[2009/03/01 16:06:13 | 001,948,608 | ---- | M] () -- C:\Program Files\R150860.EXE
[2011/04/05 09:57:42 | 000,231,224 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\RapportSetup.exe
[2011/03/25 08:40:35 | 000,691,385 | ---- | M] () -- C:\Program Files\RAVselect.zip
[2008/08/22 20:22:40 | 007,507,296 | ---- | M] (PC Tools ) -- C:\Program Files\rminstall.exe
[2008/03/30 15:27:42 | 000,514,443 | ---- | M] () -- C:\Program Files\Samsung User Manual H-S203N_Eng.pdf
[2010/03/24 13:48:11 | 001,024,197 | ---- | M] () -- C:\Program Files\SBSA Avocado_001.pdf
[2009/08/13 16:11:08 | 113,328,018 | ---- | M] (McAfee, Inc.) -- C:\Program Files\sdat5707.exe
[2008/11/30 00:46:55 | 006,126,416 | ---- | M] () -- C:\Program Files\seatoolsforwindowssetup.exe
[2008/04/29 19:53:56 | 002,403,400 | ---- | M] () -- C:\Program Files\SetupAnyDVD6412.exe
[2008/11/26 14:47:25 | 001,971,378 | ---- | M] (LIGHTNING UK!) -- C:\Program Files\SetupImgBurn_2.4.2.0.exe
[2011/01/21 16:07:54 | 058,833,152 | ---- | M] () -- C:\Program Files\setup_av_free.exe
[2011/01/21 16:10:41 | 000,000,560 | ---- | M] () -- C:\Program Files\Shortcut to setup_av_free.exe.lnk
[2010/03/24 14:17:56 | 000,509,257 | ---- | M] () -- C:\Program Files\SKMBT_50009102212580.pdf
[2008/11/10 12:23:40 | 000,149,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\startzune.exe
[2009/08/13 16:38:41 | 000,055,564 | ---- | M] () -- C:\Program Files\SuperDAT.log
[2009/01/24 07:26:59 | 000,001,086 | ---- | M] () -- C:\Program Files\The_Top_100_Lovemaking_Techniques_of_All_Time_-_A_MUST_HAVE!_extreme_seed_RK_banner_[mininova].torrent
[2009/01/06 17:50:23 | 006,187,805 | ---- | M] () -- C:\Program Files\Version23Navfit98.zip
[2011/03/23 11:38:40 | 000,478,512 | ---- | M] () -- C:\Program Files\vlcmediaplayer-setup.exe
[2009/08/13 16:17:10 | 059,489,250 | ---- | M] () -- C:\Program Files\VSE870LML.zip
[2009/08/13 16:17:41 | 007,908,106 | ---- | M] () -- C:\Program Files\VSE870P1.zip
[2008/10/05 11:49:55 | 001,851,944 | ---- | M] (VSO-Software SARL ) -- C:\Program Files\vso_inspector_setup.exe
[2011/05/13 18:28:38 | 008,902,072 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
[2008/06/05 21:15:52 | 000,667,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB941644-x86-ENU.exe
[2009/04/19 13:29:31 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/03/23 19:01:23 | 024,023,528 | ---- | M] (Corel Corporation ) -- C:\Program Files\WordPerfectLightningInstaller.exe
[2010/03/23 18:52:51 | 360,710,968 | ---- | M] (Acresso Software Inc. ) -- C:\Program Files\WordPerfectOfficeInstaller.exe
[2011/03/28 11:57:19 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
[2011/05/14 13:46:38 | 004,700,823 | ---- | M] () -- C:\Program Files\YouTubeDownloaderSetup272.exe
[2009/04/17 08:26:54 | 387,983,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ZunePackage31.exe
[2009/04/17 07:52:02 | 137,572,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\zunesetuppkg-x86.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/04/27 03:17:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/04/27 03:17:56 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/04/27 03:17:56 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/30 22:12:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/05/18 08:12:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/05/18 08:12:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\WD\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2007/08/31 20:01:30 | 023,402,288 | ---- | M] ( ) -- C:\Documents and Settings\WD\Desktop\AdbeRdr810_en_US.exe
[2011/05/17 08:16:02 | 004,350,228 | R--- | M] () -- C:\Documents and Settings\WD\Desktop\ComboFix.exe
[2008/07/07 06:07:06 | 026,451,968 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\FreeAgent-DT-WW.exe
[2011/05/16 12:17:06 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\WD\Desktop\ggsp3301.exe
[2008/07/07 07:12:27 | 004,898,144 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\WD\Desktop\LimeWireWin.exe
[2011/05/17 15:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WD\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >
[1998/12/08 20:53:54 | 000,099,840 | ---- | M] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 20:53:54 | 000,048,640 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 20:53:54 | 000,070,144 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 20:53:54 | 000,186,368 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 20:53:54 | 000,017,920 | ---- | M] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[1998/12/08 20:53:54 | 000,031,744 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2008/07/07 06:05:03 | 024,051,251 | ---- | M] () -- C:\Documents and Settings\WD\My Documents\FreeAgent-DT-WW.exe
[2009/08/13 16:57:24 | 001,948,608 | ---- | M] () -- C:\Documents and Settings\WD\My Documents\R150860.EXE
[3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/05/18 08:12:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\WD\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/07/10 06:17:13 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\WD\Cookies\desktop.ini
[2011/05/17 15:32:42 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\WD\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 11:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 11:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 11:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
 
OTL Extras logfile

OTL Extras logfile created on: 5/17/2011 3:36:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\WD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 63.62 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
Drive D: | 2.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DESKTOP-CC34A4D | User Name: WD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = aolfile_HTM] -- C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- C:\PROGRA~1\AOL9~1.0\aol.exe -u"%1" (AOL, LLC.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\HP Software Update\hpwucli.exe" = C:\Program Files\Hp\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1180737898\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Omemo\Omemo.exe" = C:\Program Files\Omemo\Omemo.exe:*:Enabled:Omemo -- (MP2P Technologies)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\HP Software Update\hpwucli.exe" = C:\Program Files\Hp\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hp\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\WD\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\WD\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
"{118792B0-F470-11D3-86A9-00C04F6E09F2}" = Microsoft Project 2000
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 25
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87F1FB43-548D-49A9-B524-7AD058900944}" = Risk+ 2.0 for Microsoft Project
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE8AB204-580F-432F-AD82-21A838EE1033}" = Nero 8
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FF04A828-ABA4-11D7-A021-0060979CE4D3}" = V92 PCI Voice Faxmodem
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PhotoDeluxe Home Edition 4.0" = Adobe PhotoDeluxe Home Edition 4.0
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Best Security Tips Toolbar" = Best Security Tips Toolbar
"CANONBJ_Deinstall_CNMCP49.DLL" = Canon i550
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_207C14F1" = Soft Voice SoftRing Modem with SmartSP
"conduitEngine" = Conduit Engine
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"DVDneXtCOPY 3 Ultimate" = DVDneXtCOPY 3 Ultimate
"GoToAssist" = GoToAssist Corporate
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 5.2.13
"Machinist2DLL" = Machinist2DLL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee Internet Security Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Omemo" = Omemo 0.27 Beta
"Shop for HP Supplies" = Shop for HP Supplies
"SmartForce Player" = SmartForce Player
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = P_CS
"ST6UNST #2" = NavFit98A
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VSO Inspector_is1" = VSO Inspector 1.4.2
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"wInsight 5.0" = wInsight 5.0
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Yahoo! Companion" = Yahoo! Toolbar
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2011 6:04:08 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a
problem with this Windows Installer package. Please refer to the setup log for
more information.

Error - 4/2/2011 6:04:26 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB980773'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2418241_20110402_100232906-Msi0.txt.

Error - 4/2/2011 6:04:26 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2418241'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2418241_20110402_100232906-Msi0.txt.

Error - 4/2/2011 6:04:26 AM | Computer Name = DESKTOP-CC34A4D | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/2/2011 6:06:00 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a
problem with this Windows Installer package. Please refer to the setup log for
more information.

Error - 4/2/2011 6:06:18 AM | Computer Name = DESKTOP-CC34A4D | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB983583'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB983583_20110402_100432453-Msi0.txt.

Error - 4/2/2011 6:06:19 AM | Computer Name = DESKTOP-CC34A4D | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983583,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/2/2011 9:12:59 AM | Computer Name = DESKTOP-CC34A4D | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/2/2011 1:49:06 PM | Computer Name = DESKTOP-CC34A4D | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 4/2/2011 3:30:16 PM | Computer Name = DESKTOP-CC34A4D | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

[ System Events ]
Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:05:09 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:05:30 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:05:39 AM | Computer Name = DESKTOP-CC34A4D | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2011 11:20:54 AM | Computer Name = DESKTOP-CC34A4D | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/17/2011 4:17:16 PM | Computer Name = DESKTOP-CC34A4D | Source = SCR3XX2K | ID = 0
Description =


< End of report >
 
Uninstall Advanced SystemCare 4.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - Reg Error: Value error. File not found
    O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3322274812-3615762775-2885428501-1006\..Trusted Domains: navy.mil ([webmail.west.nmci] https in Trusted sites)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    [2011/01/21 16:21:25 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe
    [2011/01/21 16:08:55 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe
    [1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
    [1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
    [1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
    [1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
    [1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
    [1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\WD\My Documents\*.tmp files -> C:\Documents and Settings\WD\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2007/06/15 06:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/06/15 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WD\Application Data\Viewpoint
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Broni, deleted advanced windows care and followed other guidance, McAfee real time scan will not stay active. OTL log follows

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk moved successfully.
Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3322274812-3615762775-2885428501-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\navy.mil\webmail.west.nmci\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Program Files\avg_avct_stb_all_2011_1191_cnet.exe moved successfully.
C:\Program Files\avg_free_stb_all_2011_1191_cnet.exe moved successfully.
C:\Program Files\Common Files\IRAREG.DLL moved successfully.
C:\Program Files\Common Files\IRAABOUT.DLL moved successfully.
C:\Program Files\Common Files\IRAMDMTR.DLL moved successfully.
C:\Program Files\Common Files\IRALPTTR.DLL moved successfully.
C:\Program Files\Common Files\IRAWEBTR.DLL moved successfully.
C:\Program Files\Common Files\IRASRIAL.DLL moved successfully.
C:\WINDOWS\002779_.tmp deleted successfully.
C:\WINDOWS\DUMP33a2.tmp deleted successfully.
C:\WINDOWS\DUMP33f0.tmp deleted successfully.
C:\WINDOWS\DUMP4352.tmp deleted successfully.
C:\WINDOWS\SE264ACA6.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\WD\My Documents\~WRL0001.tmp deleted successfully.
C:\Documents and Settings\WD\My Documents\~WRL0002.tmp deleted successfully.
C:\Documents and Settings\WD\My Documents\~WRL0012.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\WD\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\WD\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 149 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 33 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65737 bytes
->Flash cache emptied: 33 bytes

User: WD
->Temp folder emptied: 1188223 bytes
->Temporary Internet Files folder emptied: 25171923 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3633 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 225376990 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 240.00 mb


[EMPTYFLASH]

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: WD
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[Reboot]•> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_163210

Files\Folders moved on Reboot...
C:\WINDOWS\temp\HPSLPSVC0003.log moved successfully.

Registry entries deleted on Reboot...
 
Yes, still out here

McAfee is currently "green" w/real time scanning "on", but the real time scanning has not been staying "on"
 